Description
Security update for ceph
This update for ceph fixes the following issues:
- ceph was updated to 14.2.20-402-g6aa76c6815:
  - CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).
  - CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905).
  - CVE-2020-27839: Use secure cookies to store JWT Token (bsc#1179997).
  - mgr/dashboard: prometheus alerting: add some leeway for package drops and errors (bsc#1145463)
  - mon: have 'mon stat' output json as well (bsc#1174466)
  - rpm: ceph-mgr-dashboard recommends python3-saml on SUSE (bsc#1177200)
  - mgr/dashboard: Display a warning message in Dashboard when debug mode is enabled (bsc#1178235)
  - rgw: cls/user: set from_index for reset stats calls (bsc#1178837)
  - mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860)
  - bluestore: provide a different name for fallback allocator (bsc#1180118)
  - test/run-cli-tests: use cram from github (bsc#1181378)
  - mgr/dashboard: fix 'Python2 Cookie module import fails on Python3' (bsc#1183487)
  - common: make ms_bind_msgr2 default to 'false' (bsc#1180594)
Package list
Container caasp/v4/hyperkube:v1.17.17
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Server 15 SP1-BCL
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
References
- Link for SUSE-SU-2021:1473-1
- E-Mail link for SUSE-SU-2021:1473-1
- SUSE Security Ratings
- SUSE Bug 1145463
- SUSE Bug 1174466
- SUSE Bug 1177200
- SUSE Bug 1178235
- SUSE Bug 1178837
- SUSE Bug 1178860
- SUSE Bug 1178905
- SUSE Bug 1179997
- SUSE Bug 1180118
- SUSE Bug 1180594
- SUSE Bug 1181378
- SUSE Bug 1183074
- SUSE Bug 1183487
- SUSE CVE CVE-2020-25678 page
- SUSE CVE CVE-2020-27839 page
- SUSE CVE CVE-2021-20288 page
Description
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
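An added detection and redaction example, not part of this advisory or of Ceph itself: it scans mgr log lines that name grafana or dashboard for clear-text password values (the exposure described above) and redacts them before logs are shared. The sample log lines are constructed for illustration and do not reproduce Ceph's real log format.

```python
import re

# Constructed sample mgr log lines (not real Ceph output) showing the kind of
# clear-text password exposure described for CVE-2020-25678.
SAMPLE_MGR_LOG = """\
2021-04-01 10:00:01.123 7f0 0 [dashboard INFO root] set-grafana-api-password password=s3cr3t-grafana
2021-04-01 10:00:02.456 7f0 0 [dashboard INFO root] mgr module dashboard started
2021-04-01 10:00:03.789 7f0 0 [dashboard DEBUG root] config: {'grafana-api-url': 'https://grafana:3000', 'grafana-api-password': 'hunter2'}
2021-04-01 10:00:04.000 7f0 0 [balancer INFO root] running balancer
"""

# The advisory points at the grafana and dashboard modules; only lines that
# mention them are inspected.
MODULE_RE = re.compile(r"\b(grafana|dashboard)\b", re.IGNORECASE)

# Matches key=value and 'key': 'value' forms whose key contains "password"
# or "passwd", capturing the value so it can be reported or redacted.
SECRET_RE = re.compile(
    r"""(?P<key>[\w-]*pass(?:word|wd)[\w-]*)(?P<sep>['"]?\s*[=:]\s*['"]?)(?P<val>[^'",\s}]+)""",
    re.IGNORECASE,
)


def find_password_leaks(log_text):
    """Return (line_number, key) for every grafana/dashboard log line that
    carries a password value in clear text."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not MODULE_RE.search(line):
            continue
        for m in SECRET_RE.finditer(line):
            hits.append((n, m.group("key")))
    return hits


def redact_log(log_text):
    """Return the log with every detected password value replaced by a marker,
    keeping keys and surrounding context intact for troubleshooting."""
    redacted = []
    for line in log_text.splitlines():
        redacted.append(SECRET_RE.sub(lambda m: m.group("key") + m.group("sep") + "<REDACTED>", line))
    return "\n".join(redacted)


if __name__ == "__main__":
    for n, key in find_password_leaks(SAMPLE_MGR_LOG):
        print(f"line {n}: clear-text value for '{key}'")
    print(redact_log(SAMPLE_MGR_LOG))
```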
Affected products
References
- CVE-2020-25678
- SUSE Bug 1178905
Description
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser's localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
Affected products
References
- CVE-2020-27839
- SUSE Bug 1179997
Description
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Affected products
References
- CVE-2021-20288
- SUSE Bug 1183074
- SUSE Bug 1205049