Описание
Security update for ceph
This update for ceph fixes the following issues:
- ceph was updated to 15.2.11-83-g8a15f484c2:
- CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).
- disk gets replaced with no rocksdb/wal (bsc#1184231).
- BlueStore handles huge(>4GB) writes from RocksDB to BlueFS poorly, potentially causing data corruption (bsc#1183899).
Список пакетов
Container suse/sles/15.2/virt-launcher:0.38.1
librados2-15.2.11.83+g8a15f484c2-3.20.1
librbd1-15.2.11.83+g8a15f484c2-3.20.1
Container suse/sles/15.3/virt-launcher:0.45.0
librados2-15.2.11.83+g8a15f484c2-3.20.1
librbd1-15.2.11.83+g8a15f484c2-3.20.1
SUSE Enterprise Storage 7
ceph-base-15.2.11.83+g8a15f484c2-3.20.1
ceph-common-15.2.11.83+g8a15f484c2-3.20.1
cephadm-15.2.11.83+g8a15f484c2-3.20.1
libcephfs2-15.2.11.83+g8a15f484c2-3.20.1
librados2-15.2.11.83+g8a15f484c2-3.20.1
librbd1-15.2.11.83+g8a15f484c2-3.20.1
librgw2-15.2.11.83+g8a15f484c2-3.20.1
python3-ceph-argparse-15.2.11.83+g8a15f484c2-3.20.1
python3-ceph-common-15.2.11.83+g8a15f484c2-3.20.1
python3-cephfs-15.2.11.83+g8a15f484c2-3.20.1
python3-rados-15.2.11.83+g8a15f484c2-3.20.1
python3-rbd-15.2.11.83+g8a15f484c2-3.20.1
python3-rgw-15.2.11.83+g8a15f484c2-3.20.1
rbd-nbd-15.2.11.83+g8a15f484c2-3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
ceph-common-15.2.11.83+g8a15f484c2-3.20.1
libcephfs-devel-15.2.11.83+g8a15f484c2-3.20.1
libcephfs2-15.2.11.83+g8a15f484c2-3.20.1
librados-devel-15.2.11.83+g8a15f484c2-3.20.1
librados2-15.2.11.83+g8a15f484c2-3.20.1
libradospp-devel-15.2.11.83+g8a15f484c2-3.20.1
librbd-devel-15.2.11.83+g8a15f484c2-3.20.1
librbd1-15.2.11.83+g8a15f484c2-3.20.1
librgw-devel-15.2.11.83+g8a15f484c2-3.20.1
librgw2-15.2.11.83+g8a15f484c2-3.20.1
python3-ceph-argparse-15.2.11.83+g8a15f484c2-3.20.1
python3-ceph-common-15.2.11.83+g8a15f484c2-3.20.1
python3-cephfs-15.2.11.83+g8a15f484c2-3.20.1
python3-rados-15.2.11.83+g8a15f484c2-3.20.1
python3-rbd-15.2.11.83+g8a15f484c2-3.20.1
python3-rgw-15.2.11.83+g8a15f484c2-3.20.1
rados-objclass-devel-15.2.11.83+g8a15f484c2-3.20.1
rbd-nbd-15.2.11.83+g8a15f484c2-3.20.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
ceph-common-15.2.11.83+g8a15f484c2-3.20.1
libcephfs-devel-15.2.11.83+g8a15f484c2-3.20.1
libcephfs2-15.2.11.83+g8a15f484c2-3.20.1
librados-devel-15.2.11.83+g8a15f484c2-3.20.1
librados2-15.2.11.83+g8a15f484c2-3.20.1
libradospp-devel-15.2.11.83+g8a15f484c2-3.20.1
librbd-devel-15.2.11.83+g8a15f484c2-3.20.1
librbd1-15.2.11.83+g8a15f484c2-3.20.1
librgw-devel-15.2.11.83+g8a15f484c2-3.20.1
librgw2-15.2.11.83+g8a15f484c2-3.20.1
python3-ceph-argparse-15.2.11.83+g8a15f484c2-3.20.1
python3-ceph-common-15.2.11.83+g8a15f484c2-3.20.1
python3-cephfs-15.2.11.83+g8a15f484c2-3.20.1
python3-rados-15.2.11.83+g8a15f484c2-3.20.1
python3-rbd-15.2.11.83+g8a15f484c2-3.20.1
python3-rgw-15.2.11.83+g8a15f484c2-3.20.1
rados-objclass-devel-15.2.11.83+g8a15f484c2-3.20.1
rbd-nbd-15.2.11.83+g8a15f484c2-3.20.1
Ссылки
- Link for SUSE-SU-2021:1474-1
- E-Mail link for SUSE-SU-2021:1474-1
- SUSE Security Ratings
- SUSE Bug 1183074
- SUSE Bug 1183899
- SUSE Bug 1184231
- SUSE CVE CVE-2021-20288 page
Описание
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые продукты
Container suse/sles/15.2/virt-launcher:0.38.1:librados2-15.2.11.83+g8a15f484c2-3.20.1
Container suse/sles/15.2/virt-launcher:0.38.1:librbd1-15.2.11.83+g8a15f484c2-3.20.1
Container suse/sles/15.3/virt-launcher:0.45.0:librados2-15.2.11.83+g8a15f484c2-3.20.1
Container suse/sles/15.3/virt-launcher:0.45.0:librbd1-15.2.11.83+g8a15f484c2-3.20.1
Ссылки
- CVE-2021-20288
- SUSE Bug 1183074
- SUSE Bug 1205049