
openSUSE Leap 42.3 - 2018:2479-1 Important: Ceph DoS and Header Crash

August 22, 2018
Crucial ceph security patch for openSUSE addresses dual vulnerabilities and brings 21 improvements for enhanced stability.
An update that solves two vulnerabilities and has 21 fixes is now available.

Description

This update for ceph fixes the following issues:

Security issues fixed:

- CVE-2018-7262: rgw: malformed http headers can crash rgw (bsc#1081379).

- CVE-2017-16818: User reachable asserts allow for DoS (bsc#1063014).

Bug fixes:

- bsc#1061461: OSDs keep generating coredumps after adding new OSD node to cluster.

- bsc#1079076: RGW openssl fixes.

- bsc#1067088: Upgrade to SES5 restarted all nodes, majority of OSDs aborts during start.

- bsc#1056125: Some OSDs are down when doing performance testing on rbd image in EC Pool.

- bsc#1087269: allow_ec_overwrites option not in command options list.

- bsc#1051598: Fix mountpoint check for systemctl enable --runtime.

- bsc#1070357: Zabbix mgr module doesn't recover from HEALTH_ERR.

- bsc#1066502: After upgrading a single OSD from SES 4 to SES 5 the OSDs do not rejoin the cluster.

- bsc#1067119: Crushtool decompile creates wrong device entries (device 20 device20) for not...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-541=1

Package List

- openSUSE Leap 42.3 (x86_64):

ceph-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-base-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-base-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-common-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-common-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-debugsource-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-fuse-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-fuse-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-mds-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-mds-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-mgr-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-mgr-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-mon-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-mon-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-osd-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-osd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-radosgw-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-radosgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1

ceph-resource-agents-12.2.5+git.1524775272.5e7ea8cf03-9.1

c...
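A post-patch check, added here as an example and not part of the advisory: it reports any package named in the list above whose installed build is not the build this update ships. The function names and the sample inventory are constructed for illustration; the comparison is an exact string match, so a later build is reported as differing too.

```shell
#!/bin/sh
# Added example: flag listed ceph packages not at the advisory's build.

# version-release taken from the package list in this advisory
FIXED='12.2.5+git.1524775272.5e7ea8cf03-9.1'

# Package names visible in the (truncated) package list; debug packages omitted.
LISTED='ceph ceph-base ceph-common ceph-fuse ceph-mds ceph-mgr ceph-mon ceph-osd ceph-radosgw ceph-resource-agents'

# Reads "name version-release" lines on stdin and prints "name installed-build"
# for every listed package whose build is not exactly FIXED.
# Packages not named in LISTED are ignored rather than guessed at.
ceph_not_at_fixed() {
    while read -r name vr; do
        case " $LISTED " in
            *" $name "*) [ "$vr" = "$FIXED" ] || printf '%s %s\n' "$name" "$vr" ;;
        esac
    done
}

# Constructed sample standing in for the rpm query shown below (not real host data).
sample_inventory() {
    cat <<'EOF'
ceph-common 12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-osd 12.2.0+git.1111111111.aaaaaaaaaa-1.1
ceph-radosgw 12.2.5+git.1524775272.5e7ea8cf03-9.1
ceph-mon 12.2.0+git.1111111111.aaaaaaaaaa-1.1
libcephfs2 12.2.0+git.1111111111.aaaaaaaaaa-1.1
EOF
}

# On a real host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'ceph*' | ceph_not_at_fixed
sample_inventory | ceph_not_at_fixed
```

Empty output means every listed package that is installed matches the advisory's build; daemons that were already running still need a restart to load the updated binaries.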


References

https://www.suse.com/security/cve/CVE-2017-16818.html

https://www.suse.com/security/cve/CVE-2018-7262.html

https://bugzilla.suse.com/1051598

https://bugzilla.suse.com/1054061

https://bugzilla.suse.com/1056125

https://bugzilla.suse.com/1056967

https://bugzilla.suse.com/1059458

https://bugzilla.suse.com/1060904

https://bugzilla.suse.com/1061461

https://bugzilla.suse.com/1063014

https://bugzilla.suse.com/1066182

https://bugzilla.suse.com/1066502

https://bugzilla.suse.com/1067088

https://bugzilla.suse.com/1067119

https://bugzilla.suse.com/1067705

https://bugzilla.suse.com/1070357

https://bugzilla.suse.com/1071386

https://bugzilla.suse.com/1074301

https://bugzilla.suse.com/1079076

https://bugzilla.suse.com/1080788

https://bugzilla.suse.com/1081379

https://bugzilla.suse.com/1081600

https://bugzilla.suse.com/1086340

https://bugzilla.suse.com/1087269

https://bugzilla.suse.com/1087493

--

Severity: important

Announcement ID: openSUSE-SU-2018:2479-1
Rating: important
Affected Products: openSUSE Leap 42.3 le.
