SUSE-SU-2019:2364-1

Опубликовано: 12 сент. 2019

Источник: suse-cvrf

Описание

Security update for ceph

This update for ceph to version 12.2.12-594-g02236657ca fixes the following issues:

Security issues fixed:

CVE-2018-16889: Fixed missing sanitation of customer encryption keys from log output in v4 auth. (bsc#1121567)

Список пакетов

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

librados2-12.2.12+git.1568024032.02236657ca-2.39.1

librbd1-12.2.12+git.1568024032.02236657ca-2.39.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

librados2-12.2.12+git.1568024032.02236657ca-2.39.1

librbd1-12.2.12+git.1568024032.02236657ca-2.39.1

SUSE Enterprise Storage 5

ceph-12.2.12+git.1568024032.02236657ca-2.39.1

ceph-base-12.2.12+git.1568024032.02236657ca-2.39.1

ceph-common-12.2.12+git.1568024032.02236657ca-2.39.1

ceph-fuse-12.2.12+git.1568024032.02236657ca-2.39.1

ceph-mds-12.2.12+git.1568024032.02236657ca-2.39.1

ceph-mgr-12.2.12+git.1568024032.02236657ca-2.39.1

ceph-mon-12.2.12+git.1568024032.02236657ca-2.39.1

ceph-osd-12.2.12+git.1568024032.02236657ca-2.39.1

ceph-radosgw-12.2.12+git.1568024032.02236657ca-2.39.1

libcephfs2-12.2.12+git.1568024032.02236657ca-2.39.1

librados2-12.2.12+git.1568024032.02236657ca-2.39.1

libradosstriper1-12.2.12+git.1568024032.02236657ca-2.39.1

librbd1-12.2.12+git.1568024032.02236657ca-2.39.1

librgw2-12.2.12+git.1568024032.02236657ca-2.39.1

python-ceph-compat-12.2.12+git.1568024032.02236657ca-2.39.1

python-cephfs-12.2.12+git.1568024032.02236657ca-2.39.1

python-rados-12.2.12+git.1568024032.02236657ca-2.39.1

python-rbd-12.2.12+git.1568024032.02236657ca-2.39.1

python-rgw-12.2.12+git.1568024032.02236657ca-2.39.1

python3-ceph-argparse-12.2.12+git.1568024032.02236657ca-2.39.1

python3-cephfs-12.2.12+git.1568024032.02236657ca-2.39.1

python3-rados-12.2.12+git.1568024032.02236657ca-2.39.1

python3-rbd-12.2.12+git.1568024032.02236657ca-2.39.1

python3-rgw-12.2.12+git.1568024032.02236657ca-2.39.1

rbd-fuse-12.2.12+git.1568024032.02236657ca-2.39.1

rbd-mirror-12.2.12+git.1568024032.02236657ca-2.39.1

rbd-nbd-12.2.12+git.1568024032.02236657ca-2.39.1

SUSE Linux Enterprise Desktop 12 SP4

ceph-common-12.2.12+git.1568024032.02236657ca-2.39.1

libcephfs2-12.2.12+git.1568024032.02236657ca-2.39.1

librados2-12.2.12+git.1568024032.02236657ca-2.39.1

libradosstriper1-12.2.12+git.1568024032.02236657ca-2.39.1

librbd1-12.2.12+git.1568024032.02236657ca-2.39.1

librgw2-12.2.12+git.1568024032.02236657ca-2.39.1

python-cephfs-12.2.12+git.1568024032.02236657ca-2.39.1

python-rados-12.2.12+git.1568024032.02236657ca-2.39.1

python-rbd-12.2.12+git.1568024032.02236657ca-2.39.1

python-rgw-12.2.12+git.1568024032.02236657ca-2.39.1

SUSE Linux Enterprise Server 12 SP4

ceph-common-12.2.12+git.1568024032.02236657ca-2.39.1

libcephfs2-12.2.12+git.1568024032.02236657ca-2.39.1

librados2-12.2.12+git.1568024032.02236657ca-2.39.1

libradosstriper1-12.2.12+git.1568024032.02236657ca-2.39.1

librbd1-12.2.12+git.1568024032.02236657ca-2.39.1

librgw2-12.2.12+git.1568024032.02236657ca-2.39.1

python-cephfs-12.2.12+git.1568024032.02236657ca-2.39.1

python-rados-12.2.12+git.1568024032.02236657ca-2.39.1

python-rbd-12.2.12+git.1568024032.02236657ca-2.39.1

python-rgw-12.2.12+git.1568024032.02236657ca-2.39.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

ceph-common-12.2.12+git.1568024032.02236657ca-2.39.1

libcephfs2-12.2.12+git.1568024032.02236657ca-2.39.1

librados2-12.2.12+git.1568024032.02236657ca-2.39.1

libradosstriper1-12.2.12+git.1568024032.02236657ca-2.39.1

librbd1-12.2.12+git.1568024032.02236657ca-2.39.1

librgw2-12.2.12+git.1568024032.02236657ca-2.39.1

python-cephfs-12.2.12+git.1568024032.02236657ca-2.39.1

python-rados-12.2.12+git.1568024032.02236657ca-2.39.1

python-rbd-12.2.12+git.1568024032.02236657ca-2.39.1

python-rgw-12.2.12+git.1568024032.02236657ca-2.39.1

SUSE Linux Enterprise Software Development Kit 12 SP4

libcephfs-devel-12.2.12+git.1568024032.02236657ca-2.39.1

librados-devel-12.2.12+git.1568024032.02236657ca-2.39.1

librbd-devel-12.2.12+git.1568024032.02236657ca-2.39.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20192364-1/
Link for SUSE-SU-2019:2364-1
https://lists.suse.com/pipermail/sle-security-updates/2019-September/005910.html
E-Mail link for SUSE-SU-2019:2364-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1121567
SUSE Bug 1121567
https://bugzilla.suse.com/1149961
SUSE Bug 1149961
https://www.suse.com/security/cve/CVE-2018-16889/
SUSE CVE CVE-2018-16889 page

Описание

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

Затронутые продукты

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:librados2-12.2.12+git.1568024032.02236657ca-2.39.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:librbd1-12.2.12+git.1568024032.02236657ca-2.39.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:librados2-12.2.12+git.1568024032.02236657ca-2.39.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:librbd1-12.2.12+git.1568024032.02236657ca-2.39.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16889.html
CVE-2018-16889
https://bugzilla.suse.com/1121567
SUSE Bug 1121567

SUSE-SU-2019:2364-1

Описание

Список пакетов

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Enterprise Storage 5

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP4

Ссылки

Уязвимость: CVE-2018-16889

Описание

Затронутые продукты

Ссылки