Security update for ceph
Announcement ID: | SUSE-SU-2018:0083-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves one vulnerability and has four security fixes can now be installed.
Description:
This update for ceph to version 12.2.2+git.1513357992.5030136da9 fixes several issues.
This security issue was fixed:
- CVE-2017-16818: Remote authenticated users could have caused a DoS (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API (bsc#1063014).
These non-security issues were fixed:
- Loglevel misleading during keystone authentication (bsc#1060904).
- Issues with RGW Multi-Site Federation between SES5 and RH Ceph Storage 2 (bsc#1067705).
- Fix container synchronization between two Ceph clusters problem (bsc#1066182).
- tools/crushtool: skip device id if no name exists (bsc#1067119)
For details about the 12.2.2 release please see https://ceph.com/releases/v12-2-2-luminous-released/
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Enterprise Storage 5
zypper in -t patch SUSE-Storage-5-2018-65=1
Package List:
-
SUSE Enterprise Storage 5 (aarch64 x86_64)
- rbd-nbd-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-base-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- python3-rados-12.2.2+git.1513357992.5030136da9-2.10.1
- rbd-nbd-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- python-cephfs-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- rbd-fuse-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- python-rgw-12.2.2+git.1513357992.5030136da9-2.10.1
- rbd-mirror-12.2.2+git.1513357992.5030136da9-2.10.1
- python3-cephfs-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- python3-cephfs-12.2.2+git.1513357992.5030136da9-2.10.1
- python3-rbd-12.2.2+git.1513357992.5030136da9-2.10.1
- python-rbd-12.2.2+git.1513357992.5030136da9-2.10.1
- librbd1-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-common-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-osd-12.2.2+git.1513357992.5030136da9-2.10.1
- rbd-mirror-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- python-cephfs-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-fuse-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-12.2.2+git.1513357992.5030136da9-2.10.1
- librgw2-12.2.2+git.1513357992.5030136da9-2.10.1
- librados2-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-mds-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-osd-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-base-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-radosgw-12.2.2+git.1513357992.5030136da9-2.10.1
- libradosstriper1-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- python-rados-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-fuse-12.2.2+git.1513357992.5030136da9-2.10.1
- python-ceph-compat-12.2.2+git.1513357992.5030136da9-2.10.1
- python3-rgw-12.2.2+git.1513357992.5030136da9-2.10.1
- python3-rbd-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-mds-12.2.2+git.1513357992.5030136da9-2.10.1
- rbd-fuse-12.2.2+git.1513357992.5030136da9-2.10.1
- python3-ceph-argparse-12.2.2+git.1513357992.5030136da9-2.10.1
- python3-rgw-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- librados2-12.2.2+git.1513357992.5030136da9-2.10.1
- python3-rados-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- python-rbd-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-mgr-12.2.2+git.1513357992.5030136da9-2.10.1
- libradosstriper1-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-mon-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-common-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- librbd1-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- python-rados-12.2.2+git.1513357992.5030136da9-2.10.1
- libcephfs2-12.2.2+git.1513357992.5030136da9-2.10.1
- python-rgw-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- libcephfs2-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-debugsource-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-radosgw-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- librgw2-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-mon-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
- ceph-mgr-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
References:
- https://www.suse.com/security/cve/CVE-2017-16818.html
- https://bugzilla.suse.com/show_bug.cgi?id=1060904
- https://bugzilla.suse.com/show_bug.cgi?id=1063014
- https://bugzilla.suse.com/show_bug.cgi?id=1066182
- https://bugzilla.suse.com/show_bug.cgi?id=1067119
- https://bugzilla.suse.com/show_bug.cgi?id=1067705