Описание
Security update for ceph
This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837).
- CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430).
- CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025).
Bug fixes:
- osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183).
- ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262).
- cephadm: update monitoring container images (bsc#1200501).
- mgr/dashboard: prevent alert redirect (bsc#1200978).
- mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797).
- monitoring/ceph-mixin: add RGW host to label info (bsc#1201976).
- mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077).
- python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375).
- mgr/dashboard: fix rgw connect when using ssl (bsc#1205436).
- ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292).
- cephfs-shell: move source to separate subdirectory (bsc#1201604).
Fix in previous release:
- mgr/cephadm: try to get FQDN for configuration files (bsc#1196046).
- When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748).
- OSD marked down causes wrong backfill_toofull (bsc#1188911).
- cephadm: Fix iscsi client caps (allow mgr calls) (bsc#1192838).
- mgr/cephadm: fix and improve osd draining (bsc#1200317).
- add iscsi and nfs to upgrade process (bsc#1206158).
- mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840).
Список пакетов
SUSE Linux Enterprise Micro 5.3
librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1
librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1
libcephfs-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
libcephfs2-16.2.11.58+g38d6afd3b78-150400.3.6.1
librados-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1
libradospp-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
librbd-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1
librgw-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
librgw2-16.2.11.58+g38d6afd3b78-150400.3.6.1
python3-ceph-argparse-16.2.11.58+g38d6afd3b78-150400.3.6.1
python3-ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1
python3-cephfs-16.2.11.58+g38d6afd3b78-150400.3.6.1
python3-rados-16.2.11.58+g38d6afd3b78-150400.3.6.1
python3-rbd-16.2.11.58+g38d6afd3b78-150400.3.6.1
python3-rgw-16.2.11.58+g38d6afd3b78-150400.3.6.1
rados-objclass-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
rbd-nbd-16.2.11.58+g38d6afd3b78-150400.3.6.1
openSUSE Leap 15.4
ceph-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-base-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-fuse-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-grafana-dashboards-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-immutable-object-cache-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-mds-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-mgr-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-mgr-cephadm-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-mgr-dashboard-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-mgr-diskprediction-local-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-mgr-k8sevents-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-mgr-modules-core-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-mgr-rook-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-mon-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-osd-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-prometheus-alerts-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-radosgw-16.2.11.58+g38d6afd3b78-150400.3.6.1
ceph-test-16.2.11.58+g38d6afd3b78-150400.3.6.1
cephadm-16.2.11.58+g38d6afd3b78-150400.3.6.1
cephfs-mirror-16.2.11.58+g38d6afd3b78-150400.3.6.1
cephfs-shell-16.2.11.58+g38d6afd3b78-150400.3.6.1
cephfs-top-16.2.11.58+g38d6afd3b78-150400.3.6.1
libcephfs-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
libcephfs2-16.2.11.58+g38d6afd3b78-150400.3.6.1
libcephsqlite-16.2.11.58+g38d6afd3b78-150400.3.6.1
libcephsqlite-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
librados-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1
libradospp-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
librbd-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1
librgw-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
librgw2-16.2.11.58+g38d6afd3b78-150400.3.6.1
python3-ceph-argparse-16.2.11.58+g38d6afd3b78-150400.3.6.1
python3-ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1
python3-cephfs-16.2.11.58+g38d6afd3b78-150400.3.6.1
python3-rados-16.2.11.58+g38d6afd3b78-150400.3.6.1
python3-rbd-16.2.11.58+g38d6afd3b78-150400.3.6.1
python3-rgw-16.2.11.58+g38d6afd3b78-150400.3.6.1
rados-objclass-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
rbd-fuse-16.2.11.58+g38d6afd3b78-150400.3.6.1
rbd-mirror-16.2.11.58+g38d6afd3b78-150400.3.6.1
rbd-nbd-16.2.11.58+g38d6afd3b78-150400.3.6.1
openSUSE Leap Micro 5.3
librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1
librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1
Ссылки
- Link for SUSE-SU-2023:1581-1
- E-Mail link for SUSE-SU-2023:1581-1
- SUSE Security Ratings
- SUSE Bug 1187748
- SUSE Bug 1188911
- SUSE Bug 1192838
- SUSE Bug 1192840
- SUSE Bug 1196046
- SUSE Bug 1199183
- SUSE Bug 1200262
- SUSE Bug 1200317
- SUSE Bug 1200501
- SUSE Bug 1200978
- SUSE Bug 1201604
- SUSE Bug 1201797
- SUSE Bug 1201837
- SUSE Bug 1201976
- SUSE Bug 1202077
- SUSE Bug 1202292
- SUSE Bug 1203375
Описание
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
Затронутые продукты
SUSE Linux Enterprise Micro 5.3:librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1
SUSE Linux Enterprise Micro 5.3:librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:libcephfs-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
Ссылки
- CVE-2022-0670
- SUSE Bug 1201837
Описание
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
Затронутые продукты
SUSE Linux Enterprise Micro 5.3:librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1
SUSE Linux Enterprise Micro 5.3:librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:libcephfs-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
Ссылки
- CVE-2022-3650
- SUSE Bug 1204430
Описание
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.
Затронутые продукты
SUSE Linux Enterprise Micro 5.3:librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1
SUSE Linux Enterprise Micro 5.3:librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:libcephfs-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1
Ссылки
- CVE-2022-3854
- SUSE Bug 1205025