This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2018-14662: mon: limit caps allowed to access the config store
(bsc#1111177)
- CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts
(bsc#1114710)
- CVE-2018-16889: rgw: sanitize customer encryption keys from log output
in v4 auth (bsc#1121567)
Non-security issue fixed:
- os/bluestore: avoid frequent allocator dump on bluefs rebalance failure
(bsc#1113246)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-306=1
- openSUSE Leap 42.3 (x86_64):
ceph-12.2.10+git.1549630712.bb089269ea-21.1
ceph-base-12.2.10+git.1549630712.bb089269ea-21.1
ceph-base-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-common-12.2.10+git.1549630712.bb089269ea-21.1
ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-debugsource-12.2.10+git.1549630712.bb089269ea-21.1
ceph-fuse-12.2.10+git.1549630712.bb089269ea-21.1
ceph-fuse-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mds-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mds-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mgr-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mgr-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mon-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mon-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-osd-12.2.10+git.1549630712.bb089269ea-21.1
ceph-osd-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-radosgw-12.2.10+git.1549630712.bb089269ea-21.1
ceph-radosgw-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-resource-agents-1...
Read the Full Advisoryhttps://www.suse.com/security/cve/CVE-2018-14662.html
https://www.suse.com/security/cve/CVE-2018-16846.html
https://www.suse.com/security/cve/CVE-2018-16889.html
https://bugzilla.suse.com/1111177
https://bugzilla.suse.com/1113246
https://bugzilla.suse.com/1114710
https://bugzilla.suse.com/1121567
--
Get the latest Linux and open source security news straight to your inbox.