Описание
Security update for ceph
This update for ceph fixes the following issues:
- CVE-2016-5009: moncommand with empty prefix could crash monitor [bsc#987144]
- Invalid commandd in SOC7 with ceph [bsc#1008894]
- Performance fix was missing in SES4 [bsc#1005179]
- ceph build problems on ppc64le [bsc#982141]
- ceph make build unit test failure [bsc#977940]
- ceph-deploy mon create-initial fails on one node [bsc#999688]
- MDS dies while running xfstests [bsc#985232]
- Typerror while calling _recover_auth_meta() [bsc#1008501]
- OSD daemon uses ~100% CPU load right after OSD creation / first OSD start [bsc#1014338]
- civetweb HTTPS support not working [bsc#990438]
- systemd is killing off OSDs [bsc#1007216]
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
ceph-common-10.2.4+git.1481215985.12b091b-16.2
libcephfs1-10.2.4+git.1481215985.12b091b-16.2
librados2-10.2.4+git.1481215985.12b091b-16.2
libradosstriper1-10.2.4+git.1481215985.12b091b-16.2
librbd1-10.2.4+git.1481215985.12b091b-16.2
python-cephfs-10.2.4+git.1481215985.12b091b-16.2
python-rados-10.2.4+git.1481215985.12b091b-16.2
python-rbd-10.2.4+git.1481215985.12b091b-16.2
SUSE Linux Enterprise Server 12 SP2
ceph-common-10.2.4+git.1481215985.12b091b-16.2
libcephfs1-10.2.4+git.1481215985.12b091b-16.2
librados2-10.2.4+git.1481215985.12b091b-16.2
libradosstriper1-10.2.4+git.1481215985.12b091b-16.2
librbd1-10.2.4+git.1481215985.12b091b-16.2
python-cephfs-10.2.4+git.1481215985.12b091b-16.2
python-rados-10.2.4+git.1481215985.12b091b-16.2
python-rbd-10.2.4+git.1481215985.12b091b-16.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
ceph-common-10.2.4+git.1481215985.12b091b-16.2
libcephfs1-10.2.4+git.1481215985.12b091b-16.2
librados2-10.2.4+git.1481215985.12b091b-16.2
libradosstriper1-10.2.4+git.1481215985.12b091b-16.2
librbd1-10.2.4+git.1481215985.12b091b-16.2
python-cephfs-10.2.4+git.1481215985.12b091b-16.2
python-rados-10.2.4+git.1481215985.12b091b-16.2
python-rbd-10.2.4+git.1481215985.12b091b-16.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
ceph-common-10.2.4+git.1481215985.12b091b-16.2
libcephfs1-10.2.4+git.1481215985.12b091b-16.2
librados2-10.2.4+git.1481215985.12b091b-16.2
libradosstriper1-10.2.4+git.1481215985.12b091b-16.2
librbd1-10.2.4+git.1481215985.12b091b-16.2
python-cephfs-10.2.4+git.1481215985.12b091b-16.2
python-rados-10.2.4+git.1481215985.12b091b-16.2
python-rbd-10.2.4+git.1481215985.12b091b-16.2
SUSE Linux Enterprise Software Development Kit 12 SP2
libcephfs-devel-10.2.4+git.1481215985.12b091b-16.2
librados-devel-10.2.4+git.1481215985.12b091b-16.2
libradosstriper-devel-10.2.4+git.1481215985.12b091b-16.2
librbd-devel-10.2.4+git.1481215985.12b091b-16.2
Ссылки
- Link for SUSE-SU-2017:0367-1
- E-Mail link for SUSE-SU-2017:0367-1
- SUSE Security Ratings
- SUSE Bug 1005179
- SUSE Bug 1007216
- SUSE Bug 1008501
- SUSE Bug 1008894
- SUSE Bug 1014338
- SUSE Bug 977940
- SUSE Bug 982141
- SUSE Bug 985232
- SUSE Bug 987144
- SUSE Bug 990438
- SUSE Bug 999688
- SUSE CVE CVE-2016-5009 page
Описание
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:ceph-common-10.2.4+git.1481215985.12b091b-16.2
SUSE Linux Enterprise Desktop 12 SP2:libcephfs1-10.2.4+git.1481215985.12b091b-16.2
SUSE Linux Enterprise Desktop 12 SP2:librados2-10.2.4+git.1481215985.12b091b-16.2
SUSE Linux Enterprise Desktop 12 SP2:libradosstriper1-10.2.4+git.1481215985.12b091b-16.2
Ссылки
- CVE-2016-5009
- SUSE Bug 987144