Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

openSUSE Leap 15.2: 2021:0544-1 Moderate: Ceph Issues Resolved

opensuse
Calendar Grey April 12, 2021
Dist Opensuse Esm H88
The recent openSUSE update significantly boosts Ceph functionalities with enhanced cookie security and improved log management for better user trust and efficiency
An update that solves two vulnerabilities and has 12 fixes is now available

Description

This update for ceph fixes the following issues:

- ceph was updated to to 15.2.9

- cephadm: fix 'inspect' and 'pull' (bsc#1182766)

- CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token

(bsc#1179997)

- CVE-2020-25678: Do not add sensitive information in Ceph log files

(bsc#1178905)

- mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926)

- mgr/dashboard: enable different URL for users of browser to Grafana

(bsc#1176390, bsc#1176679)

- mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489)

- cephadm: command_unit: call systemctl with verbose=True (bsc#1176828)

- cephadm: silence "Failed to evict container" log msg (bsc#1177360)

- mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails

(bsc#1177857)

- rgw: cls/user: set from_index for reset stats calls (bsc#1178837)

- mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860)

- cephadm: reference the last local image by digest...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate log management cookie security openSUSE ceph issues

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-544=1

Package List

- openSUSE Leap 15.2 (x86_64):

ceph-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-base-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-base-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-common-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-common-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-debugsource-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-fuse-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-fuse-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-immutable-object-cache-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-immutable-object-cache-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-mds-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-mds-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-mgr-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-mgr-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-mon-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-mon-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-osd-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-osd-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-radosgw-15.2.9.83+g4275378de0-lp152.2.12.1

ceph-radosgw-debu...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2020-25678.html

https://www.suse.com/security/cve/CVE-2020-27839.html

https://bugzilla.suse.com/1172926

https://bugzilla.suse.com/1176390

https://bugzilla.suse.com/1176489

https://bugzilla.suse.com/1176679

https://bugzilla.suse.com/1176828

https://bugzilla.suse.com/1177360

https://bugzilla.suse.com/1177857

https://bugzilla.suse.com/1178837

https://bugzilla.suse.com/1178860

https://bugzilla.suse.com/1178905

https://bugzilla.suse.com/1178932

https://bugzilla.suse.com/1179569

https://bugzilla.suse.com/1179997

https://bugzilla.suse.com/1182766

Announcement ID: openSUSE-SU-2021:0544-1
Rating: moderate
Affected Products: openSUSE Leap 15.2 ble.

Topics%20covered

Topics Covered

security advisory moderate log management cookie security openSUSE ceph issues

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here