Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

SUSE: 2018:2478-1 Important: Ceph Authorization Issues Fixed

suse
Calendar Grey August 22, 2018
Dist Suse Esm H88
SUSE Security Announcement regarding Ceph: Aims to resolve various vulnerabilities in the specified software components.
An update that solves three vulnerabilities and has one errata is now available

Summary

This update for ceph fixes the following issues: - Update to version 12.2.7-420-gc0ef85b854: * https://ceph.com/en/news/blog/2018/12-2-7-luminous-released/ * luminous: osd: eternal stuck PG in 'unfound_recovery' (bsc#1094932) * bluestore: db.slow used when db is not full (bsc#1092874) * CVE-2018-10861: Ensure that ceph-mon does perform authorization on all OSD pool ops (bsc#1099162). * CVE-2018-1129: cephx signature check bypass (bsc#1096748). * CVE-2018-1128: cephx protocol was vulnerable to replay attack (bsc#1096748). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3:

References

#1092874 #1094932 #1096748 #1099162

Cross- CVE-2018-10861 CVE-2018-1128 CVE-2018-1129

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP3

SUSE CaaS Platform ALL

SUSE CaaS Platform 3.0

https://www.suse.com/security/cve/CVE-2018-10861.html

https://www.suse.com/security/cve/CVE-2018-1128.html

https://www.suse.com/security/cve/CVE-2018-1129.html

https://bugzilla.suse.com/1092874

https://bugzilla.suse.com/1094932

https://bugzilla.suse.com/1096748

https://bugzilla.suse.com/1099162

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:2478-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.