openSUSE-SU-2016:3201-1

Опубликовано: 20 дек. 2016

Источник: suse-cvrf

Описание

Security update for ceph

ceph was updated to version 10.2.4 and fixes the following issues:

A moncommand with empty prefix could crash the monitor (boo#987144, CVE-2016-5009)
Detect crc32 extension support from assembler on AArch64 (boo#999688)
Failing file operations on kernel based cephfs mount point could leave unaccessible file behind on hammer 0.94.7 (boo#985232)
Fixed boo#1008501
- ceph_volume_client: fix _recover_auth_meta() method
- ceph_volume_client: check if volume metadata is empty
- ceph_volume_client: fix partial auth recovery
Avoid ~100% CPU load after OSD creation / first OSD start (boo#1014338)
Fixed boo#990438: civetweb HTTPS support not working
Avoid systemd limiting OSDs (boo#1007216)
Fix 'make check' when building unit tests with --with-xio (boo#977940)
Fix build for ppc64le (boo#982141)
Including performance fix for linux dcache hash algorithm (boo#1005179)
Fix invalid command in SOC7 (boo#1008894)

Список пакетов

openSUSE Leap 42.2

ceph-10.2.4+git.1481215985.12b091b-4.1

ceph-base-10.2.4+git.1481215985.12b091b-4.1

ceph-common-10.2.4+git.1481215985.12b091b-4.1

ceph-fuse-10.2.4+git.1481215985.12b091b-4.1

ceph-mds-10.2.4+git.1481215985.12b091b-4.1

ceph-mon-10.2.4+git.1481215985.12b091b-4.1

ceph-osd-10.2.4+git.1481215985.12b091b-4.1

ceph-radosgw-10.2.4+git.1481215985.12b091b-4.1

ceph-resource-agents-10.2.4+git.1481215985.12b091b-4.1

ceph-test-10.2.4+git.1481215985.12b091b-4.1

libcephfs-devel-10.2.4+git.1481215985.12b091b-4.1

libcephfs1-10.2.4+git.1481215985.12b091b-4.1

librados-devel-10.2.4+git.1481215985.12b091b-4.1

librados2-10.2.4+git.1481215985.12b091b-4.1

libradosstriper-devel-10.2.4+git.1481215985.12b091b-4.1

libradosstriper1-10.2.4+git.1481215985.12b091b-4.1

librbd-devel-10.2.4+git.1481215985.12b091b-4.1

librbd1-10.2.4+git.1481215985.12b091b-4.1

librgw-devel-10.2.4+git.1481215985.12b091b-4.1

librgw2-10.2.4+git.1481215985.12b091b-4.1

python-ceph-compat-10.2.4+git.1481215985.12b091b-4.1

python-cephfs-10.2.4+git.1481215985.12b091b-4.1

python-rados-10.2.4+git.1481215985.12b091b-4.1

python-rbd-10.2.4+git.1481215985.12b091b-4.1

rbd-fuse-10.2.4+git.1481215985.12b091b-4.1

rbd-mirror-10.2.4+git.1481215985.12b091b-4.1

rbd-nbd-10.2.4+git.1481215985.12b091b-4.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-12/msg00126.html
E-Mail link for openSUSE-SU-2016:3201-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.

Затронутые продукты

openSUSE Leap 42.2:ceph-10.2.4+git.1481215985.12b091b-4.1

openSUSE Leap 42.2:ceph-base-10.2.4+git.1481215985.12b091b-4.1

openSUSE Leap 42.2:ceph-common-10.2.4+git.1481215985.12b091b-4.1

openSUSE Leap 42.2:ceph-fuse-10.2.4+git.1481215985.12b091b-4.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-5009.html
CVE-2016-5009
https://bugzilla.suse.com/987144
SUSE Bug 987144

openSUSE-SU-2016:3201-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-5009

Описание

Затронутые продукты

Ссылки