Описание
Recommended update for ceph
This ceph version update to 10.2.6+git fixes the following issues:
Security issues fixed:
- CVE-2016-9579: RGW server DoS via request with invalid HTTP Origin header (boo#1014986).
Bugfixes:
- Update to version 10.2.6+git.1489493035.3ad7a68
- 'tools/rados: default to include clone objects when excuting 'cache-flush-evict-all' (boo#1003891)
- mon,ceph-disk: add lockbox permissions to bootstrap-osd (boo#1008435)
- 'ceph_volume_client: fix _recover_auth_meta() method' (boo#1008501)
- 'systemd/ceph-disk: reduce ceph-disk flock contention' (boo#1012100)
- 'doc: add verbiage to rbdmap manpage' and 'Add Install section to systemd rbdmap.service file' (boo#1015748)
- ceph-disk: systemd unit must run after local-fs.target (boo#1012100)
- build/ops: restart ceph-osd@.service after 20s instead of 100ms (boo#1019616)
- doc: add verbiage to rbdmap manpage and mention rbdmap in RBD quick start (boo#1015748)
- doc: ceph-deploy man: remove references to mds destroy. Not implemented (boo#970642)
Feature enhancements:
- FATE#321098:
- rpm: deobfuscate SUSE-specific bconds
- rpm: consider xio bcond on x86_64 and aarch64 only
- rpm: remove s390 from SES ExclusiveArch
- rpm: limit lttng/babeltrace to architectures
- rpm: limit xio build
- rpm: enable build for s390(x) in SLE
- rpm: add 'without valgrind_devel' configure option
Список пакетов
openSUSE Leap 42.2
ceph-10.2.6+git.1489493035.3ad7a68-6.4.1
ceph-base-10.2.6+git.1489493035.3ad7a68-6.4.1
ceph-common-10.2.6+git.1489493035.3ad7a68-6.4.1
ceph-fuse-10.2.6+git.1489493035.3ad7a68-6.4.1
ceph-mds-10.2.6+git.1489493035.3ad7a68-6.4.1
ceph-mon-10.2.6+git.1489493035.3ad7a68-6.4.1
ceph-osd-10.2.6+git.1489493035.3ad7a68-6.4.1
ceph-radosgw-10.2.6+git.1489493035.3ad7a68-6.4.1
ceph-resource-agents-10.2.6+git.1489493035.3ad7a68-6.4.1
ceph-test-10.2.6+git.1489493035.3ad7a68-6.4.1
libcephfs-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
libcephfs1-10.2.6+git.1489493035.3ad7a68-6.4.1
librados-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
librados2-10.2.6+git.1489493035.3ad7a68-6.4.1
libradosstriper-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
libradosstriper1-10.2.6+git.1489493035.3ad7a68-6.4.1
librbd-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
librbd1-10.2.6+git.1489493035.3ad7a68-6.4.1
librgw-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
librgw2-10.2.6+git.1489493035.3ad7a68-6.4.1
python-ceph-compat-10.2.6+git.1489493035.3ad7a68-6.4.1
python-cephfs-10.2.6+git.1489493035.3ad7a68-6.4.1
python-rados-10.2.6+git.1489493035.3ad7a68-6.4.1
python-rbd-10.2.6+git.1489493035.3ad7a68-6.4.1
rbd-fuse-10.2.6+git.1489493035.3ad7a68-6.4.1
rbd-mirror-10.2.6+git.1489493035.3ad7a68-6.4.1
rbd-nbd-10.2.6+git.1489493035.3ad7a68-6.4.1
Ссылки
- E-Mail link for openSUSE-SU-2017:0910-1
- SUSE Security Ratings
Описание
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
Затронутые продукты
openSUSE Leap 42.2:ceph-10.2.6+git.1489493035.3ad7a68-6.4.1
openSUSE Leap 42.2:ceph-base-10.2.6+git.1489493035.3ad7a68-6.4.1
openSUSE Leap 42.2:ceph-common-10.2.6+git.1489493035.3ad7a68-6.4.1
openSUSE Leap 42.2:ceph-fuse-10.2.6+git.1489493035.3ad7a68-6.4.1
Ссылки
- CVE-2016-9579
- SUSE Bug 1014986