SUSE: 2019:2736-1 moderate: ceph, ceph-iscsi, ses-manual_en

    Date 22 Oct 2019
    517
    Posted By LinuxSecurity Advisories
    An update that solves one vulnerability and has 21 fixes is now available.
    
       SUSE Security Update: Security update for ceph, ceph-iscsi, ses-manual_en
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:2736-1
    Rating:             moderate
    References:         #1132767 #1134444 #1135584 #1137503 #1140491 
                        #1141174 #1145093 #1145617 #1145618 #1145759 
                        #1146656 #1147132 #1149093 #1150406 #1151439 
                        #1151990 #1151991 #1151992 #1151993 #1151994 
                        #1151995 #1152002 
    Cross-References:   CVE-2019-10222
    Affected Products:
                        SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
                        SUSE Linux Enterprise Module for Basesystem 15-SP1
                        SUSE Enterprise Storage 6
    ______________________________________________________________________________
    
       An update that solves one vulnerability and has 21 fixes is
       now available.
    
    Description:
    
       This update for ceph, ceph-iscsi and ses-manual_en fixes the following
       issues:
    
       Security issues fixed:
    
       - CVE-2019-10222: Fixed RGW crash caused by unauthenticated clients.
         (bsc#1145093)
    
       Non-security issues-fixed:
    
       - ceph-volume: prints errors to stdout with --format json (bsc#1132767)
       - mgr/dashboard: Changing rgw-api-host does not get effective without
         disable/enable dashboard mgr module (bsc#1137503)
       - mgr/dashboard: Silence Alertmanager alerts (bsc#1141174)
       - mgr/dashboard: Fix e2e failures caused by webdriver version (bsc#1145759)
       - librbd: always try to acquire exclusive lock when removing image
         (bsc#1149093)
       - The no{up,down,in,out} related commands have been revamped (bsc#1151990)
       - radosgw-admin gets two new subcommands for managing expire-stale
         objects. (bsc#1151991)
       - Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from
         SES5 breaks pool utilization stats reported by ceph df (bsc#1151992)
       - Ceph cluster will no longer issue a health warning if CRUSH tunables are
         older than "hammer" (bsc#1151993)
       - Nautilus-based librbd clients can not open images on Jewel clusters
         (bsc#1151994)
       - The RGW num_rados_handles has been removed in Ceph 14.2.3 (bsc#1151995)
       - "osd_deep_scrub_large_omap_object_key_threshold" has been lowered in
         Nautilus 14.2.3 (bsc#1152002)
       - Support iSCSI target-level CHAP authentication (bsc#1145617)
       - Validation and render of iSCSI controls based "type" (bsc#1140491)
       - Fix error editing iSCSI image advanced settings (bsc#1146656)
       - Fix error during iSCSI target edit
    
       Fixes in ses-manual_en:
    
       - Added a new chapter with changelogs of Ceph releases. (bsc#1135584)
       - Rewrote rolling updates and replaced running stage.0 with manual
         commands to prevent infinite loop. (bsc#1134444)
       - Improved name of CaaSP to its fuller version. (bsc#1151439)
       - Verify which OSD's are going to be removed before running stage.5.
         (bsc#1150406)
       - Added two additional steps to recovering an OSD. (bsc#1147132)
    
       Fixes in ceph-iscsi:
    
       - Validate kernel LIO controls type and value (bsc#1140491)
       - TPG lun_id persistence (bsc#1145618)
       - Target level CHAP authentication (bsc#1145617)
    
       ceph-iscsi was updated to the upstream 3.2 release:
    
       - Always use host FQDN instead of shortname
       - Validate min/max value for target controls and rbd:user/tcmu-runner
         image controls (bsc#1140491)
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    
          zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2736=1
    
       - SUSE Linux Enterprise Module for Basesystem 15-SP1:
    
          zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2736=1
    
       - SUSE Enterprise Storage 6:
    
          zypper in -t patch SUSE-Storage-6-2019-2736=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    
          ceph-14.2.4.373+gc3e67ed133-3.19.1
          ceph-base-14.2.4.373+gc3e67ed133-3.19.1
          ceph-base-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-debugsource-14.2.4.373+gc3e67ed133-3.19.1
          ceph-fuse-14.2.4.373+gc3e67ed133-3.19.1
          ceph-fuse-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mds-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mds-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mgr-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mgr-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mon-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mon-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-osd-14.2.4.373+gc3e67ed133-3.19.1
          ceph-osd-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-radosgw-14.2.4.373+gc3e67ed133-3.19.1
          ceph-radosgw-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          cephfs-shell-14.2.4.373+gc3e67ed133-3.19.1
          rbd-fuse-14.2.4.373+gc3e67ed133-3.19.1
          rbd-fuse-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          rbd-mirror-14.2.4.373+gc3e67ed133-3.19.1
          rbd-mirror-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          rbd-nbd-14.2.4.373+gc3e67ed133-3.19.1
          rbd-nbd-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
    
          ceph-grafana-dashboards-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mgr-dashboard-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mgr-diskprediction-cloud-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mgr-diskprediction-local-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mgr-rook-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mgr-ssh-14.2.4.373+gc3e67ed133-3.19.1
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
    
          ceph-test-14.2.4.373+gc3e67ed133-3.19.1
          ceph-test-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-test-debugsource-14.2.4.373+gc3e67ed133-3.19.1
    
       - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
    
          ceph-common-14.2.4.373+gc3e67ed133-3.19.1
          ceph-common-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-debugsource-14.2.4.373+gc3e67ed133-3.19.1
          libcephfs-devel-14.2.4.373+gc3e67ed133-3.19.1
          libcephfs2-14.2.4.373+gc3e67ed133-3.19.1
          libcephfs2-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          librados-devel-14.2.4.373+gc3e67ed133-3.19.1
          librados-devel-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          librados2-14.2.4.373+gc3e67ed133-3.19.1
          librados2-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          libradospp-devel-14.2.4.373+gc3e67ed133-3.19.1
          librbd-devel-14.2.4.373+gc3e67ed133-3.19.1
          librbd1-14.2.4.373+gc3e67ed133-3.19.1
          librbd1-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          librgw-devel-14.2.4.373+gc3e67ed133-3.19.1
          librgw2-14.2.4.373+gc3e67ed133-3.19.1
          librgw2-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          python3-ceph-argparse-14.2.4.373+gc3e67ed133-3.19.1
          python3-cephfs-14.2.4.373+gc3e67ed133-3.19.1
          python3-cephfs-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          python3-rados-14.2.4.373+gc3e67ed133-3.19.1
          python3-rados-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          python3-rbd-14.2.4.373+gc3e67ed133-3.19.1
          python3-rbd-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          python3-rgw-14.2.4.373+gc3e67ed133-3.19.1
          python3-rgw-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          rados-objclass-devel-14.2.4.373+gc3e67ed133-3.19.1
    
       - SUSE Enterprise Storage 6 (aarch64 x86_64):
    
          ceph-14.2.4.373+gc3e67ed133-3.19.1
          ceph-base-14.2.4.373+gc3e67ed133-3.19.1
          ceph-base-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-common-14.2.4.373+gc3e67ed133-3.19.1
          ceph-common-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-debugsource-14.2.4.373+gc3e67ed133-3.19.1
          ceph-fuse-14.2.4.373+gc3e67ed133-3.19.1
          ceph-fuse-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mds-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mds-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mgr-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mgr-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mon-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mon-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-osd-14.2.4.373+gc3e67ed133-3.19.1
          ceph-osd-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          ceph-radosgw-14.2.4.373+gc3e67ed133-3.19.1
          ceph-radosgw-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          cephfs-shell-14.2.4.373+gc3e67ed133-3.19.1
          libcephfs2-14.2.4.373+gc3e67ed133-3.19.1
          libcephfs2-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          librados2-14.2.4.373+gc3e67ed133-3.19.1
          librados2-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          librbd1-14.2.4.373+gc3e67ed133-3.19.1
          librbd1-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          librgw2-14.2.4.373+gc3e67ed133-3.19.1
          librgw2-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          python3-ceph-argparse-14.2.4.373+gc3e67ed133-3.19.1
          python3-cephfs-14.2.4.373+gc3e67ed133-3.19.1
          python3-cephfs-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          python3-rados-14.2.4.373+gc3e67ed133-3.19.1
          python3-rados-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          python3-rbd-14.2.4.373+gc3e67ed133-3.19.1
          python3-rbd-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          python3-rgw-14.2.4.373+gc3e67ed133-3.19.1
          python3-rgw-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          rbd-fuse-14.2.4.373+gc3e67ed133-3.19.1
          rbd-fuse-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          rbd-mirror-14.2.4.373+gc3e67ed133-3.19.1
          rbd-mirror-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
          rbd-nbd-14.2.4.373+gc3e67ed133-3.19.1
          rbd-nbd-debuginfo-14.2.4.373+gc3e67ed133-3.19.1
    
       - SUSE Enterprise Storage 6 (noarch):
    
          ceph-grafana-dashboards-14.2.4.373+gc3e67ed133-3.19.1
          ceph-iscsi-3.3+1570532654.g93940a4-3.5.1
          ceph-mgr-dashboard-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mgr-diskprediction-local-14.2.4.373+gc3e67ed133-3.19.1
          ceph-mgr-rook-14.2.4.373+gc3e67ed133-3.19.1
          ceph-prometheus-alerts-14.2.4.373+gc3e67ed133-3.19.1
          ses-admin_en-pdf-6+git145.1558531-3.15.1
          ses-deployment_en-pdf-6+git145.1558531-3.15.1
          ses-manual_en-6+git145.1558531-3.15.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-10222.html
       https://bugzilla.suse.com/1132767
       https://bugzilla.suse.com/1134444
       https://bugzilla.suse.com/1135584
       https://bugzilla.suse.com/1137503
       https://bugzilla.suse.com/1140491
       https://bugzilla.suse.com/1141174
       https://bugzilla.suse.com/1145093
       https://bugzilla.suse.com/1145617
       https://bugzilla.suse.com/1145618
       https://bugzilla.suse.com/1145759
       https://bugzilla.suse.com/1146656
       https://bugzilla.suse.com/1147132
       https://bugzilla.suse.com/1149093
       https://bugzilla.suse.com/1150406
       https://bugzilla.suse.com/1151439
       https://bugzilla.suse.com/1151990
       https://bugzilla.suse.com/1151991
       https://bugzilla.suse.com/1151992
       https://bugzilla.suse.com/1151993
       https://bugzilla.suse.com/1151994
       https://bugzilla.suse.com/1151995
       https://bugzilla.suse.com/1152002
    
    _______________________________________________
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/30-do-you-feel-that-the-lawful-access-to-encrypted-data-act-which-aims-to-force-encryption-backdoors-is-a-threat-to-privacy?task=poll.vote&format=json
    30
    radio
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"7","type":"x","order":"1","pct":100,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.