SUSE: 2018:2299-1 Important: Ceph Security Update and Fixes
suse
August 10, 2018
An update that solves four vulnerabilities and has two fixes is now available
Summary
This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-10861: Fix ceph-mon authorization on OSD pool ops (bsc#1099162). - CVE-2018-1128: Fix cephx signature check bypass (bsc#1096748). - CVE-2018-1129: Fix cephx protocol vulnerability to replay attack (bsc#1096748). - CVE-2018-7262: Fix malformed http headers that can crash rgw (bsc#1081379). Bug fixes: - bsc#1072512: multipart uploads are broken if the bucket has been resharded - bsc#1080112: rgw: user stats increased after bucket reshard - bsc#1086340: SES5: XFS metadata corruption on rbd-nbd mapped image with journaling feature enabled Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
#1072512 #1080112 #1081379 #1086340 #1096748
#1099162
Cross- CVE-2018-10861 CVE-2018-1128 CVE-2018-1129
CVE-2018-7262
Affected Products:
SUSE Enterprise Storage 4
https://www.suse.com/security/cve/CVE-2018-10861.html
https://www.suse.com/security/cve/CVE-2018-1128.html
https://www.suse.com/security/cve/CVE-2018-1129.html
https://www.suse.com/security/cve/CVE-2018-7262.html
https://bugzilla.suse.com/1072512
https://bugzilla.suse.com/1080112
https://bugzilla.suse.com/1081379
https://bugzilla.suse.com/1086340
https://bugzilla.suse.com/1096748
https://bugzilla.suse.com/1099162
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2018:2299-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!