SUSE: 2020:1748-1 Important: Ceph HTTP Header Injection Fix

June 25, 2020
SUSE Security Update for Kubernetes: Resolves vulnerabilities in network configurations and introduces 7 critical patches.
An update that solves one vulnerability and has 9 fixes is now available.

Summary

This is a version update for ceph to version 12.2.13:

Security issue fixed:

- CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag (bsc#1171921).

- Notable changes in this update for ceph:
  * mgr: telemetry: backported and now available on SES5.5. Please consider enabling via "ceph telemetry on" (bsc#1171670)
  * OSD heartbeat ping time: new health warning, options and admin commands (bsc#1171960)
  * "osd_calc_pg_upmaps_max_stddev" ceph.conf parameter has been removed; use "upmap_max_deviation" instead (bsc#1171961)
  * Default maximum concurrent bluestore rocksdb compaction threads raised from 1 to 2 for improved ability to keep up with rgw bucket index workloads (bsc#1171963)

- Bug fixes in this ceph update:
  * mon: Error message displayed when mon_osd_max_split_count would be

References

#1126230 #1136082 #1157607 #1161096 #1162553

#1171670 #1171921 #1171960 #1171961 #1171963

Cross-References: CVE-2020-10753

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Enterprise Storage 5

HPE Helion Openstack 8

https://www.suse.com/security/cve/CVE-2020-10753.html

https://bugzilla.suse.com/1126230

https://bugzilla.suse.com/1136082

https://bugzilla.suse.com/1157607

https://bugzilla.suse.com/1161096

...


Severity: important

Announcement ID: SUSE-SU-2020:1748-1
Rating: important
