SUSE: 2019:2994-1 important: ceph

    Date 18 Nov 2019
    Posted By LinuxSecurity Advisories
    An update that solves one vulnerability and has 22 fixes is now available.
    
       SUSE Security Update: Security update for ceph
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:2994-1
    Rating:             important
    References:         #1132767 #1134444 #1135584 #1137503 #1140491 
                        #1141174 #1145093 #1145617 #1145618 #1145759 
                        #1146656 #1147132 #1149093 #1150406 #1151439 
                        #1151990 #1151991 #1151992 #1151993 #1151994 
                        #1151995 #1152002 #1156282 
    Cross-References:   CVE-2019-10222
    Affected Products:
                        SUSE Enterprise Storage 6
    ______________________________________________________________________________
    
    Description:
    
    
    
       This update for ceph fixes the following issues:
    
       - A previous update introduced a regression with the potential to cause
         RocksDB data corruption in Nautilus (bsc#1156282).
    
       - Support for iSCSI target-level CHAP authentication was added
         (bsc#1145617).
    
       - Implemented validation and rendering of iSCSI controls based on "type"
         (bsc#1140491).
    
       - Fixed an error while editing iSCSI image advanced settings (bsc#1146656).
    
       - Fixed a ceph-volume regression. SES customers were never exposed to this
         regression (bsc#1132767).
    
       - Fixed a denial-of-service vulnerability where an unauthenticated client
         of Ceph Object Gateway could trigger a crash from an uncaught exception
         (bsc#1145093, CVE-2019-10222).
    
       - Nautilus-based librbd clients could not open images on Jewel clusters
         (bsc#1151994).
    
       - The RGW num_rados_handles has been removed (bsc#1151995).
    
       - "osd_deep_scrub_large_omap_object_key_threshold" has been lowered in
         Nautilus (bsc#1152002).
    
       - The ceph dashboard now supports silencing Prometheus notifications
         (bsc#1141174).
    
       - The no{up,down,in,out} related commands have been revamped (bsc#1151990).
    
       - Radosgw-admin got two new subcommands for managing expire-stale objects
         (bsc#1151991).
    
       - Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from
         SES5 used to break pool utilization stats reported by ceph df
         (bsc#1151992).
    
       - Ceph clusters will issue a health warning if CRUSH tunables are older
         than "hammer" (bsc#1151993).
    
       - Ceph-volume prints errors to stdout with --format json (bsc#1132767).
    
       - Changing rgw-api-host in the dashboard does not take effect without
         disabling and re-enabling the dashboard mgr module (bsc#1137503).
    
       - Silenced Alertmanager alerts in the dashboard (bsc#1141174).
    
       - Fixed e2e failures in the dashboard caused by webdriver version
         (bsc#1145759).
    
       - librbd always tries to acquire exclusive lock when removing an image
         (bsc#1149093).
    
       Fixes in ses-manual_en:
    
       - Added a new chapter with changelogs of Ceph releases. (bsc#1135584)
       - Rewrote rolling updates and replaced running stage.0 with manual
         commands to prevent infinite loop. (bsc#1134444)
       - Improved name of CaaSP to its fuller version. (bsc#1151439)
       - Verify which OSDs are going to be removed before running stage.5.
         (bsc#1150406)
       - Added two additional steps to recovering an OSD. (bsc#1147132)
    
       Fixes in ceph-iscsi:
    
       - Validate kernel LIO controls type and value (bsc#1140491)
       - TPG lun_id persistence (bsc#1145618)
       - Target level CHAP authentication (bsc#1145617)
    
       ceph-iscsi was updated to the upstream 3.2 release:
    
       - Always use host FQDN instead of shortname
       - Validate min/max value for target controls and rbd:user/tcmu-runner
         image controls (bsc#1140491)
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Enterprise Storage 6:
    
          zypper in -t patch SUSE-Storage-6-2019-2994=1
    
    
    
    Package List:
    
       - SUSE Enterprise Storage 6 (noarch):
    
          ceph-iscsi-3.3+1570532654.g93940a4-3.7.1
          ses-admin_en-pdf-6+git145.1558531-3.17.1
          ses-deployment_en-pdf-6+git145.1558531-3.17.1
          ses-manual_en-6+git145.1558531-3.17.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-10222.html
       https://bugzilla.suse.com/1132767
       https://bugzilla.suse.com/1134444
       https://bugzilla.suse.com/1135584
       https://bugzilla.suse.com/1137503
       https://bugzilla.suse.com/1140491
       https://bugzilla.suse.com/1141174
       https://bugzilla.suse.com/1145093
       https://bugzilla.suse.com/1145617
       https://bugzilla.suse.com/1145618
       https://bugzilla.suse.com/1145759
       https://bugzilla.suse.com/1146656
       https://bugzilla.suse.com/1147132
       https://bugzilla.suse.com/1149093
       https://bugzilla.suse.com/1150406
       https://bugzilla.suse.com/1151439
       https://bugzilla.suse.com/1151990
       https://bugzilla.suse.com/1151991
       https://bugzilla.suse.com/1151992
       https://bugzilla.suse.com/1151993
       https://bugzilla.suse.com/1151994
       https://bugzilla.suse.com/1151995
       https://bugzilla.suse.com/1152002
       https://bugzilla.suse.com/1156282
    