Description
Security update for ceph
This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177)
- CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710)
- CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567)
Non-security issue fixed:
- os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Package list
openSUSE Leap 42.3
ceph-12.2.10+git.1549630712.bb089269ea-21.1
ceph-base-12.2.10+git.1549630712.bb089269ea-21.1
ceph-common-12.2.10+git.1549630712.bb089269ea-21.1
ceph-fuse-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mds-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mgr-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mon-12.2.10+git.1549630712.bb089269ea-21.1
ceph-osd-12.2.10+git.1549630712.bb089269ea-21.1
ceph-radosgw-12.2.10+git.1549630712.bb089269ea-21.1
ceph-resource-agents-12.2.10+git.1549630712.bb089269ea-21.1
ceph-test-12.2.10+git.1549630712.bb089269ea-21.1
libcephfs-devel-12.2.10+git.1549630712.bb089269ea-21.1
libcephfs2-12.2.10+git.1549630712.bb089269ea-21.1
librados-devel-12.2.10+git.1549630712.bb089269ea-21.1
librados2-12.2.10+git.1549630712.bb089269ea-21.1
libradosstriper-devel-12.2.10+git.1549630712.bb089269ea-21.1
libradosstriper1-12.2.10+git.1549630712.bb089269ea-21.1
librbd-devel-12.2.10+git.1549630712.bb089269ea-21.1
librbd1-12.2.10+git.1549630712.bb089269ea-21.1
librgw-devel-12.2.10+git.1549630712.bb089269ea-21.1
librgw2-12.2.10+git.1549630712.bb089269ea-21.1
python-ceph-compat-12.2.10+git.1549630712.bb089269ea-21.1
python-cephfs-12.2.10+git.1549630712.bb089269ea-21.1
python-rados-12.2.10+git.1549630712.bb089269ea-21.1
python-rbd-12.2.10+git.1549630712.bb089269ea-21.1
python-rgw-12.2.10+git.1549630712.bb089269ea-21.1
python3-ceph-argparse-12.2.10+git.1549630712.bb089269ea-21.1
python3-cephfs-12.2.10+git.1549630712.bb089269ea-21.1
python3-rados-12.2.10+git.1549630712.bb089269ea-21.1
python3-rbd-12.2.10+git.1549630712.bb089269ea-21.1
python3-rgw-12.2.10+git.1549630712.bb089269ea-21.1
rados-objclass-devel-12.2.10+git.1549630712.bb089269ea-21.1
rbd-fuse-12.2.10+git.1549630712.bb089269ea-21.1
rbd-mirror-12.2.10+git.1549630712.bb089269ea-21.1
rbd-nbd-12.2.10+git.1549630712.bb089269ea-21.1
References
- E-Mail link for openSUSE-SU-2019:0306-1
- SUSE Security Ratings
Description
It was found in Ceph versions before 13.2.4 that authenticated Ceph users with read-only permissions could steal dm-crypt encryption keys used in Ceph disk encryption.
Affected products
openSUSE Leap 42.3:ceph-12.2.10+git.1549630712.bb089269ea-21.1
openSUSE Leap 42.3:ceph-base-12.2.10+git.1549630712.bb089269ea-21.1
openSUSE Leap 42.3:ceph-common-12.2.10+git.1549630712.bb089269ea-21.1
openSUSE Leap 42.3:ceph-fuse-12.2.10+git.1549630712.bb089269ea-21.1
References
- CVE-2018-14662
- SUSE Bug 1111177
- SUSE Bug 1114710
Description
It was found in Ceph versions before 13.2.4 that authenticated Ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
Affected products
openSUSE Leap 42.3:ceph-12.2.10+git.1549630712.bb089269ea-21.1
openSUSE Leap 42.3:ceph-base-12.2.10+git.1549630712.bb089269ea-21.1
openSUSE Leap 42.3:ceph-common-12.2.10+git.1549630712.bb089269ea-21.1
openSUSE Leap 42.3:ceph-fuse-12.2.10+git.1549630712.bb089269ea-21.1
References
- CVE-2018-16846
- SUSE Bug 1114710
Description
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
Affected products
openSUSE Leap 42.3:ceph-12.2.10+git.1549630712.bb089269ea-21.1
openSUSE Leap 42.3:ceph-base-12.2.10+git.1549630712.bb089269ea-21.1
openSUSE Leap 42.3:ceph-common-12.2.10+git.1549630712.bb089269ea-21.1
openSUSE Leap 42.3:ceph-fuse-12.2.10+git.1549630712.bb089269ea-21.1
References
- CVE-2018-16889
- SUSE Bug 1121567