Explore top 10 tips to secure your open-source projects now. Read More
×
This update for ceph fixes the following issues: - Update to version 12.2.7-420-gc0ef85b854: * https://ceph.com/en/news/blog/2018/12-2-7-luminous-released/ * luminous: osd: eternal stuck PG in 'unfound_recovery' (bsc#1094932) * bluestore: db.slow used when db is not full (bsc#1092874) * CVE-2018-10861: Ensure that ceph-mon does perform authorization on all OSD pool ops (bsc#1099162). * CVE-2018-1129: cephx signature check bypass (bsc#1096748). * CVE-2018-1128: cephx protocol was vulnerable to replay attack (bsc#1096748). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3:
#1092874 #1094932 #1096748 #1099162
Cross- CVE-2018-10861 CVE-2018-1128 CVE-2018-1129
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
SUSE CaaS Platform ALL
SUSE CaaS Platform 3.0
https://www.suse.com/security/cve/CVE-2018-10861.html
https://www.suse.com/security/cve/CVE-2018-1128.html
https://www.suse.com/security/cve/CVE-2018-1129.html
https://bugzilla.suse.com/1092874
https://bugzilla.suse.com/1094932
https://bugzilla.suse.com/1096748
https://bugzilla.suse.com/1099162
Get the latest Linux and open source security news straight to your inbox.