SUSE-SU-2019:2049-1

Published: 05 Aug 2019
Source: suse-cvrf

Description

Security update for ceph

This update for ceph fixes the following issues:

Security issues fixed:

  • CVE-2019-3821: civetweb: fix file descriptor leak (bsc#1125080)
  • CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567)

Non-security issues fixed:

  • install grafana dashboards world readable (bsc#1136110)
  • upgrade results in cluster outage (bsc#1132396)
  • ceph status reports 'HEALTH_WARN 3 monitors have not enabled msgr2' (bsc#1124957)
  • Dashboard: Opening tcmu-runner perf counters results in a 404 (bsc#1135388)
  • RadosGW stopped expiring objects (bsc#1133139)
  • Ceph does not recover when rebuilding every OSD (bsc#1133461)

Package list

Container caasp/v4/hyperkube:v1.17.17
ceph-common-14.2.1.468+g994fd9e0cc-3.3.2
libcephfs2-14.2.1.468+g994fd9e0cc-3.3.2
librados2-14.2.1.468+g994fd9e0cc-3.3.2
librbd1-14.2.1.468+g994fd9e0cc-3.3.2
librgw2-14.2.1.468+g994fd9e0cc-3.3.2
python3-ceph-argparse-14.2.1.468+g994fd9e0cc-3.3.2
python3-cephfs-14.2.1.468+g994fd9e0cc-3.3.2
python3-rados-14.2.1.468+g994fd9e0cc-3.3.2
python3-rbd-14.2.1.468+g994fd9e0cc-3.3.2
python3-rgw-14.2.1.468+g994fd9e0cc-3.3.2
SUSE Enterprise Storage 6
ceph-14.2.1.468+g994fd9e0cc-3.3.2
ceph-base-14.2.1.468+g994fd9e0cc-3.3.2
ceph-common-14.2.1.468+g994fd9e0cc-3.3.2
ceph-fuse-14.2.1.468+g994fd9e0cc-3.3.2
ceph-grafana-dashboards-14.2.1.468+g994fd9e0cc-3.3.2
ceph-mds-14.2.1.468+g994fd9e0cc-3.3.2
ceph-mgr-14.2.1.468+g994fd9e0cc-3.3.2
ceph-mgr-dashboard-14.2.1.468+g994fd9e0cc-3.3.2
ceph-mgr-diskprediction-local-14.2.1.468+g994fd9e0cc-3.3.2
ceph-mgr-rook-14.2.1.468+g994fd9e0cc-3.3.2
ceph-mon-14.2.1.468+g994fd9e0cc-3.3.2
ceph-osd-14.2.1.468+g994fd9e0cc-3.3.2
ceph-prometheus-alerts-14.2.1.468+g994fd9e0cc-3.3.2
ceph-radosgw-14.2.1.468+g994fd9e0cc-3.3.2
cephfs-shell-14.2.1.468+g994fd9e0cc-3.3.2
libcephfs2-14.2.1.468+g994fd9e0cc-3.3.2
librados2-14.2.1.468+g994fd9e0cc-3.3.2
librbd1-14.2.1.468+g994fd9e0cc-3.3.2
librgw2-14.2.1.468+g994fd9e0cc-3.3.2
python3-ceph-argparse-14.2.1.468+g994fd9e0cc-3.3.2
python3-cephfs-14.2.1.468+g994fd9e0cc-3.3.2
python3-rados-14.2.1.468+g994fd9e0cc-3.3.2
python3-rbd-14.2.1.468+g994fd9e0cc-3.3.2
python3-rgw-14.2.1.468+g994fd9e0cc-3.3.2
rbd-fuse-14.2.1.468+g994fd9e0cc-3.3.2
rbd-mirror-14.2.1.468+g994fd9e0cc-3.3.2
rbd-nbd-14.2.1.468+g994fd9e0cc-3.3.2
SUSE Linux Enterprise Module for Basesystem 15 SP1
ceph-common-14.2.1.468+g994fd9e0cc-3.3.2
libcephfs-devel-14.2.1.468+g994fd9e0cc-3.3.2
libcephfs2-14.2.1.468+g994fd9e0cc-3.3.2
librados-devel-14.2.1.468+g994fd9e0cc-3.3.2
librados2-14.2.1.468+g994fd9e0cc-3.3.2
libradospp-devel-14.2.1.468+g994fd9e0cc-3.3.2
librbd-devel-14.2.1.468+g994fd9e0cc-3.3.2
librbd1-14.2.1.468+g994fd9e0cc-3.3.2
librgw-devel-14.2.1.468+g994fd9e0cc-3.3.2
librgw2-14.2.1.468+g994fd9e0cc-3.3.2
python3-ceph-argparse-14.2.1.468+g994fd9e0cc-3.3.2
python3-cephfs-14.2.1.468+g994fd9e0cc-3.3.2
python3-rados-14.2.1.468+g994fd9e0cc-3.3.2
python3-rbd-14.2.1.468+g994fd9e0cc-3.3.2
python3-rgw-14.2.1.468+g994fd9e0cc-3.3.2
rados-objclass-devel-14.2.1.468+g994fd9e0cc-3.3.2

Description

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.


Affected products
Container caasp/v4/hyperkube:v1.17.17:ceph-common-14.2.1.468+g994fd9e0cc-3.3.2
Container caasp/v4/hyperkube:v1.17.17:libcephfs2-14.2.1.468+g994fd9e0cc-3.3.2
Container caasp/v4/hyperkube:v1.17.17:librados2-14.2.1.468+g994fd9e0cc-3.3.2
Container caasp/v4/hyperkube:v1.17.17:librbd1-14.2.1.468+g994fd9e0cc-3.3.2

Description

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.


Affected products
Container caasp/v4/hyperkube:v1.17.17:ceph-common-14.2.1.468+g994fd9e0cc-3.3.2
Container caasp/v4/hyperkube:v1.17.17:libcephfs2-14.2.1.468+g994fd9e0cc-3.3.2
Container caasp/v4/hyperkube:v1.17.17:librados2-14.2.1.468+g994fd9e0cc-3.3.2
Container caasp/v4/hyperkube:v1.17.17:librbd1-14.2.1.468+g994fd9e0cc-3.3.2

References
Vulnerability SUSE-SU-2019:2049-1