Description
Security update for ceph
This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177)
- CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710)
- CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567)
Non-security issue fixed:
- os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246)
Package list
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Enterprise Storage 5
ceph-12.2.10+git.1549630712.bb089269ea-2.27.2
ceph-base-12.2.10+git.1549630712.bb089269ea-2.27.2
ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2
ceph-fuse-12.2.10+git.1549630712.bb089269ea-2.27.2
ceph-mds-12.2.10+git.1549630712.bb089269ea-2.27.2
ceph-mgr-12.2.10+git.1549630712.bb089269ea-2.27.2
ceph-mon-12.2.10+git.1549630712.bb089269ea-2.27.2
ceph-osd-12.2.10+git.1549630712.bb089269ea-2.27.2
ceph-radosgw-12.2.10+git.1549630712.bb089269ea-2.27.2
libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2
librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2
librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2
python-ceph-compat-12.2.10+git.1549630712.bb089269ea-2.27.2
python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2
python3-ceph-argparse-12.2.10+git.1549630712.bb089269ea-2.27.2
python3-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2
python3-rados-12.2.10+git.1549630712.bb089269ea-2.27.2
python3-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2
python3-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2
rbd-fuse-12.2.10+git.1549630712.bb089269ea-2.27.2
rbd-mirror-12.2.10+git.1549630712.bb089269ea-2.27.2
rbd-nbd-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Desktop 12 SP3
ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2
libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2
librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2
librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2
python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Desktop 12 SP4
ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2
libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2
librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2
librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2
python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Server 12 SP3
ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2
libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2
librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2
librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2
python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Server 12 SP4
ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2
libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2
librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2
librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2
python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2
libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2
librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2
librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2
python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
ceph-common-12.2.10+git.1549630712.bb089269ea-2.27.2
libcephfs2-12.2.10+git.1549630712.bb089269ea-2.27.2
librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
libradosstriper1-12.2.10+git.1549630712.bb089269ea-2.27.2
librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
librgw2-12.2.10+git.1549630712.bb089269ea-2.27.2
python-cephfs-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rados-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rbd-12.2.10+git.1549630712.bb089269ea-2.27.2
python-rgw-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Software Development Kit 12 SP3
libcephfs-devel-12.2.10+git.1549630712.bb089269ea-2.27.2
librados-devel-12.2.10+git.1549630712.bb089269ea-2.27.2
librbd-devel-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Software Development Kit 12 SP4
libcephfs-devel-12.2.10+git.1549630712.bb089269ea-2.27.2
librados-devel-12.2.10+git.1549630712.bb089269ea-2.27.2
librbd-devel-12.2.10+git.1549630712.bb089269ea-2.27.2
References
- Link for SUSE-SU-2019:0499-1
- E-Mail link for SUSE-SU-2019:0499-1
- SUSE Security Ratings
- SUSE Bug 1111177
- SUSE Bug 1113246
- SUSE Bug 1114710
- SUSE Bug 1121567
- SUSE CVE CVE-2018-14662 page
- SUSE CVE CVE-2018-16846 page
- SUSE CVE CVE-2018-16889 page
Description
It was found in Ceph versions before 13.2.4 that authenticated Ceph users with read-only permissions could steal dm-crypt encryption keys used in Ceph disk encryption.
Affected products
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
References
- CVE-2018-14662
- SUSE Bug 1111177
- SUSE Bug 1114710
Description
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
Affected products
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
References
- CVE-2018-16846
- SUSE Bug 1114710
Description
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. As a result, encryption key information is leaked into log files in plaintext. Versions up to v13.2.4 are vulnerable.
Affected products
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:librados2-12.2.10+git.1549630712.bb089269ea-2.27.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:librbd1-12.2.10+git.1549630712.bb089269ea-2.27.2
References
- CVE-2018-16889
- SUSE Bug 1121567