Security update for ceph

Announcement ID: SUSE-SU-2018:0083-1
Rating: moderate
CVSS scores:
  • CVE-2017-16818 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-16818 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Enterprise Storage 5
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that solves one vulnerability and has four security fixes can now be installed.

Description:

This update for ceph to version 12.2.2+git.1513357992.5030136da9 fixes several issues.

This security issue was fixed:

  • CVE-2017-16818: Remote authenticated users could have caused a DoS (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API (bsc#1063014).

These non-security issues were fixed:

  • Loglevel misleading during keystone authentication (bsc#1060904).
  • Issues with RGW Multi-Site Federation between SES5 and RH Ceph Storage 2 (bsc#1067705).
  • Problem with container synchronization between two Ceph clusters (bsc#1066182).
  • tools/crushtool: skip device id if no name exists (bsc#1067119).

For details about the 12.2.2 release please see https://ceph.com/releases/v12-2-2-luminous-released/

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Enterprise Storage 5
    zypper in -t patch SUSE-Storage-5-2018-65=1

Package List:

  • SUSE Enterprise Storage 5 (aarch64 x86_64)
    • rbd-nbd-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-base-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • python3-rados-12.2.2+git.1513357992.5030136da9-2.10.1
    • rbd-nbd-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • python-cephfs-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • rbd-fuse-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • python-rgw-12.2.2+git.1513357992.5030136da9-2.10.1
    • rbd-mirror-12.2.2+git.1513357992.5030136da9-2.10.1
    • python3-cephfs-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • python3-cephfs-12.2.2+git.1513357992.5030136da9-2.10.1
    • python3-rbd-12.2.2+git.1513357992.5030136da9-2.10.1
    • python-rbd-12.2.2+git.1513357992.5030136da9-2.10.1
    • librbd1-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-common-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-osd-12.2.2+git.1513357992.5030136da9-2.10.1
    • rbd-mirror-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • python-cephfs-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-fuse-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-12.2.2+git.1513357992.5030136da9-2.10.1
    • librgw2-12.2.2+git.1513357992.5030136da9-2.10.1
    • librados2-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-mds-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-osd-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-base-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-radosgw-12.2.2+git.1513357992.5030136da9-2.10.1
    • libradosstriper1-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • python-rados-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-fuse-12.2.2+git.1513357992.5030136da9-2.10.1
    • python-ceph-compat-12.2.2+git.1513357992.5030136da9-2.10.1
    • python3-rgw-12.2.2+git.1513357992.5030136da9-2.10.1
    • python3-rbd-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-mds-12.2.2+git.1513357992.5030136da9-2.10.1
    • rbd-fuse-12.2.2+git.1513357992.5030136da9-2.10.1
    • python3-ceph-argparse-12.2.2+git.1513357992.5030136da9-2.10.1
    • python3-rgw-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • librados2-12.2.2+git.1513357992.5030136da9-2.10.1
    • python3-rados-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • python-rbd-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-mgr-12.2.2+git.1513357992.5030136da9-2.10.1
    • libradosstriper1-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-mon-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-common-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • librbd1-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • python-rados-12.2.2+git.1513357992.5030136da9-2.10.1
    • libcephfs2-12.2.2+git.1513357992.5030136da9-2.10.1
    • python-rgw-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • libcephfs2-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-debugsource-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-radosgw-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • librgw2-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-mon-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
    • ceph-mgr-debuginfo-12.2.2+git.1513357992.5030136da9-2.10.1
