Security update for ceph

Announcement ID: SUSE-SU-2018:1576-1
Rating: important
CVSS scores:
  • CVE-2018-7262 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Enterprise Storage 5
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that solves one vulnerability and has nine security fixes can now be installed.

Description:

This update for ceph to 12.2.5-407-g5e7ea8cf03 fixes the following issues:

Security issue fixed:

  • CVE-2018-7262: The RGWCivetWeb::init_env function in rgw_civetweb.cc in radosgw does not handle malformed HTTP headers properly, allowing for denial of service. Fix: "rgw: make init env methods return an error" (bsc#1081379)

Other issues fixed:

  • osd: do not crash on empty snapset (bsc#1074301)
  • mon: add 'ceph osd pool get erasure allow_ec_overwrites' command (bsc#1087269)
  • journal: limit number of appends sent in one librados op (bsc#1086340)
  • RGW user stats fixes (bsc#1087493)
  • rgw openssl fixes (bsc#1079076, bsc#1081379)
  • rocksdb: fixes early metadata spill over to slow device in bluefs (bsc#1071386)
  • mon: reenable timer to send digest when paxos is temporarily inactive (bsc#1070357)
  • fsid mismatch when creating additional OSDs (bsc#1080788)
  • crash in civetweb/RGW (bsc#1081600)

Patch Instructions:

To install this SUSE update, use one of the SUSE-recommended installation methods, such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

  • SUSE Enterprise Storage 5
    zypper in -t patch SUSE-Storage-5-2018-1092=1

Package List:

  • SUSE Enterprise Storage 5 (aarch64 x86_64)
    • python-rbd-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-mgr-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python3-cephfs-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-mon-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-radosgw-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • librados2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-mds-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • rbd-mirror-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python-rbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-base-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python-rgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-debugsource-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • libcephfs2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python-rgw-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • libradosstriper1-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python3-rgw-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python-cephfs-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • libradosstriper1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python-rados-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python3-rados-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • librgw2-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python-rados-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • rbd-mirror-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-common-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • rbd-fuse-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-mgr-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-radosgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python3-cephfs-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • librbd1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • librados2-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-fuse-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • librbd1-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • rbd-fuse-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python-ceph-compat-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python-cephfs-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-base-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-common-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-fuse-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python3-rados-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • rbd-nbd-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python3-rbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-osd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • librgw2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-osd-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • libcephfs2-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python3-rgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-mds-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • ceph-mon-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python3-ceph-argparse-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • rbd-nbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
    • python3-rbd-12.2.5+git.1524775272.5e7ea8cf03-2.13.3
