openSUSE: Critical Ceph Security Update for Vulnerability 2021:0833-1

opensuse

September 26, 2025

An update that fixes three vulnerabilities is now available.

Description

This update for ceph fixes the following issues:

- Update to 15.2.12-83-g528da226523:

- (CVE-2021-3509) fix cookie injection issue (bsc#1186021)

- (CVE-2021-3531) RGWSwiftWebsiteHandler::is=5Fweb=5Fdir checks empty

subdir=5Fname (bsc#1186020)

- (CVE-2021-3524) sanitize \r in s3 CORSConfiguration=3F=3F=3Fs ExposeHe=

ader

(bsc#1185619)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Topics Covered

security advisory important OpenSUSE Ceph sanitization cookie problem

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended instal=

lation methods

like YaST online=5Fupdate or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-833=3D1

Package List

- openSUSE Leap 15.2 (noarch):

ceph-grafana-dashboards-15.2.12.83+g528da226523-lp152.2.18.1

ceph-mgr-cephadm-15.2.12.83+g528da226523-lp152.2.18.1

ceph-mgr-dashboard-15.2.12.83+g528da226523-lp152.2.18.1

ceph-mgr-diskprediction-cloud-15.2.12.83+g528da226523-lp152.2.18.1

ceph-mgr-diskprediction-local-15.2.12.83+g528da226523-lp152.2.18.1

ceph-mgr-k8sevents-15.2.12.83+g528da226523-lp152.2.18.1

ceph-mgr-modules-core-15.2.12.83+g528da226523-lp152.2.18.1

ceph-mgr-rook-15.2.12.83+g528da226523-lp152.2.18.1

ceph-prometheus-alerts-15.2.12.83+g528da226523-lp152.2.18.1

cephadm-15.2.12.83+g528da226523-lp152.2.18.1

- openSUSE Leap 15.2 (x86=5F64):

ceph-15.2.12.83+g528da226523-lp152.2.18.1

ceph-base-15.2.12.83+g528da226523-lp152.2.18.1

ceph-base-debuginfo-15.2.12.83+g528da226523-lp152.2.18.1

ceph-common-15.2.12.83+g528da226523-lp152.2.18.1

ceph-common-debuginfo-15.2.12.83+g528da226523-lp152.2.18.1

ceph-debugsource-15.2.12.83+g528da226523-lp152.2.18.1

ceph-fuse-15.2.12.83+g528da226523-lp152.2.18.1

ceph-fuse-debuginfo-15.2...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2021-3509.html

https://www.suse.com/security/cve/CVE-2021-3524.html

https://www.suse.com/security/cve/CVE-2021-3531.html

https://bugzilla.suse.com/1185619

https://bugzilla.suse.com/1186020

https://bugzilla.suse.com/1186021

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: openSUSE-SU-2021:0833-1

Rating: important

Affected Products: openSUSE Leap 15.2 =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F

Topics Covered

security advisory important OpenSUSE Ceph sanitization cookie problem

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

openSUSE: Critical Ceph Security Update for Vulnerability 2021:0833-1

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

openSUSE: Critical Ceph Security Update for Vulnerability 2021:0833-1

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!