Описание
Security update for ceph
This update for ceph fixes the following issues:
- ceph was updated to 15.2.11-83-g8a15f484c2:
- CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).
- disk gets replaced with no rocksdb/wal (bsc#1184231).
- BlueStore handles huge(>4GB) writes from RocksDB to BlueFS poorly, potentially causing data corruption (bsc#1183899).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Список пакетов
openSUSE Leap 15.2
ceph-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-base-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-common-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-fuse-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-grafana-dashboards-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-immutable-object-cache-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-mds-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-mgr-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-mgr-cephadm-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-mgr-dashboard-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-mgr-diskprediction-cloud-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-mgr-diskprediction-local-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-mgr-k8sevents-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-mgr-modules-core-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-mgr-rook-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-mon-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-osd-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-prometheus-alerts-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-radosgw-15.2.11.83+g8a15f484c2-lp152.2.15.1
ceph-test-15.2.11.83+g8a15f484c2-lp152.2.15.1
cephadm-15.2.11.83+g8a15f484c2-lp152.2.15.1
cephfs-shell-15.2.11.83+g8a15f484c2-lp152.2.15.1
libcephfs-devel-15.2.11.83+g8a15f484c2-lp152.2.15.1
libcephfs2-15.2.11.83+g8a15f484c2-lp152.2.15.1
librados-devel-15.2.11.83+g8a15f484c2-lp152.2.15.1
librados2-15.2.11.83+g8a15f484c2-lp152.2.15.1
libradospp-devel-15.2.11.83+g8a15f484c2-lp152.2.15.1
librbd-devel-15.2.11.83+g8a15f484c2-lp152.2.15.1
librbd1-15.2.11.83+g8a15f484c2-lp152.2.15.1
librgw-devel-15.2.11.83+g8a15f484c2-lp152.2.15.1
librgw2-15.2.11.83+g8a15f484c2-lp152.2.15.1
python3-ceph-argparse-15.2.11.83+g8a15f484c2-lp152.2.15.1
python3-ceph-common-15.2.11.83+g8a15f484c2-lp152.2.15.1
python3-cephfs-15.2.11.83+g8a15f484c2-lp152.2.15.1
python3-rados-15.2.11.83+g8a15f484c2-lp152.2.15.1
python3-rbd-15.2.11.83+g8a15f484c2-lp152.2.15.1
python3-rgw-15.2.11.83+g8a15f484c2-lp152.2.15.1
rados-objclass-devel-15.2.11.83+g8a15f484c2-lp152.2.15.1
rbd-fuse-15.2.11.83+g8a15f484c2-lp152.2.15.1
rbd-mirror-15.2.11.83+g8a15f484c2-lp152.2.15.1
rbd-nbd-15.2.11.83+g8a15f484c2-lp152.2.15.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0672-1
- SUSE Security Ratings
- SUSE Bug 1183074
- SUSE Bug 1183899
- SUSE Bug 1184231
- SUSE CVE CVE-2021-20288 page
Описание
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые продукты
openSUSE Leap 15.2:ceph-15.2.11.83+g8a15f484c2-lp152.2.15.1
openSUSE Leap 15.2:ceph-base-15.2.11.83+g8a15f484c2-lp152.2.15.1
openSUSE Leap 15.2:ceph-common-15.2.11.83+g8a15f484c2-lp152.2.15.1
openSUSE Leap 15.2:ceph-fuse-15.2.11.83+g8a15f484c2-lp152.2.15.1
Ссылки
- CVE-2021-20288
- SUSE Bug 1183074
- SUSE Bug 1205049