openSUSE: 2019:0306-1 Important: Ceph Security Issues Resolved

March 8, 2019
An update that solves three vulnerabilities and has one errata is now available.

Description

This update for ceph fixes the following issues:

Security issues fixed:

- CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177)
- CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710)
- CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567)

Non-security issue fixed:

- os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246)

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-306=1

Package List

- openSUSE Leap 42.3 (x86_64):

ceph-12.2.10+git.1549630712.bb089269ea-21.1
ceph-base-12.2.10+git.1549630712.bb089269ea-21.1
ceph-base-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-common-12.2.10+git.1549630712.bb089269ea-21.1
ceph-common-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-debugsource-12.2.10+git.1549630712.bb089269ea-21.1
ceph-fuse-12.2.10+git.1549630712.bb089269ea-21.1
ceph-fuse-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mds-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mds-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mgr-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mgr-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mon-12.2.10+git.1549630712.bb089269ea-21.1
ceph-mon-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-osd-12.2.10+git.1549630712.bb089269ea-21.1
ceph-osd-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-radosgw-12.2.10+git.1549630712.bb089269ea-21.1
ceph-radosgw-debuginfo-12.2.10+git.1549630712.bb089269ea-21.1
ceph-resource-agents-1...


References

https://www.suse.com/security/cve/CVE-2018-14662.html

https://www.suse.com/security/cve/CVE-2018-16846.html

https://www.suse.com/security/cve/CVE-2018-16889.html

https://bugzilla.suse.com/1111177

https://bugzilla.suse.com/1113246

https://bugzilla.suse.com/1114710

https://bugzilla.suse.com/1121567

--

Severity
important

Announcement ID: openSUSE-SU-2019:0306-1
Rating: important
Affected Products: openSUSE Leap 42.3
