Alerts This Week
Warning Icon 1 770
Alerts This Week
Warning Icon 1 770

SUSE: 2019:0586-1 Moderate: Ceph Security Issues Resolved

suse
Calendar Grey March 12, 2019
Dist Suse Esm H88
SUSE has rolled out a Security Update tackling 5 vulnerabilities in ceph, which enhances both security and performance. Ensure you update promptly for better protection!
An update that solves 5 vulnerabilities and has two fixes is now available

Summary

This update for ceph version 13.2.4 fixes the following issues: Security issues fixed: - CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety (bsc#1111177) - CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon (bsc#1099162) - CVE-2018-1128: Fixed signature check bypass in cephx (bsc#1096748) - CVE-2018-1129: Fixed replay attack in cephx protocol (bsc#1096748) - CVE-2018-16846: Enforced bounds on max-keys/max-uploads/max-parts in rgw Non-security issues fixed: - ceph-volume Python 3 fixes (bsc#1114567) - fix python3 module loading (bsc#1086613) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory moderate security issue update fix SUSE ceph

References

#1084645 #1086613 #1096748 #1099162 #1101262

#1111177 #1114567

Cross- CVE-2018-10861 CVE-2018-1128 CVE-2018-1129

CVE-2018-14662 CVE-2018-16846

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-10861.html

https://www.suse.com/security/cve/CVE-2018-1128.html

https://www.suse.com/security/cve/CVE-2018-1129.html

https://www.suse.com/security/cve/CVE-2018-14662.html

https://www.suse.com/security/cve/CVE-2018-16846.html

https://bugzilla.suse.com/1084645

https://bugzilla.suse.com/1086613

https://bugzilla.suse.com/1096748

https://bugzilla.suse.com/1099162

https://bugzilla.suse.com/1101262

Announcement ID: SUSE-SU-2019:0586-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate security issue update fix SUSE ceph

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here