Linux Security

    SUSE: 2020:3257-1 moderate: ceph, deepsea

    Date 09 Nov 2020
    Posted By LinuxSecurity Advisories
    An update that solves one vulnerability and has 35 fixes is now available.
    
       SUSE Security Update: Security update for ceph, deepsea
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2020:3257-1
    Rating:             moderate
    References:         #1151612 #1152100 #1155045 #1155262 #1156087 
                        #1156409 #1158257 #1159689 #1160626 #1161718 
                        #1162553 #1163119 #1164571 #1165713 #1165835 
                        #1165840 #1166297 #1166393 #1166624 #1166670 
                        #1166932 #1167477 #1168403 #1169134 #1169356 
                        #1170487 #1170938 #1171367 #1171921 #1171956 
                        #1172142 #1173339 #1174591 #1175061 #1175240 
                        #1175781 
    Cross-References:   CVE-2020-10753
    Affected Products:
                        SUSE Enterprise Storage 6
    ______________________________________________________________________________
    
       An update that solves one vulnerability and has 35 fixes is
       now available.
    
    Description:
    
       This update for ceph, deepsea fixes the following issues:
    
       - Update to 14.2.13-398-gb6c514eec7:
         + Upstream 14.2.13 release see
           https://ceph.io/releases/v14-2-13-nautilus-released/
           * (bsc#1151612, bsc#1158257) ceph-volume: major batch refactor
    
       - Update to 14.2.12-436-g6feab505b7:
         + Upstream 14.2.12 release see
           https://ceph.io/releases/v14-2-12-nautilus-released/
           * (bsc#1169134) mgr/dashboard: document Prometheus' security model
           * (bsc#1170487) monclient: schedule first tick using
             mon_client_hunt_interval
           * (bsc#1174591) mgr/dashboard: Unable to edit iSCSI logged-in client
           * (bsc#1174591) mgr/dashboard: Allow editing iSCSI targets with
             initiators logged-in
           * (bsc#1175061) os/bluestore: dump onode that has too many spanning
             blobs
           * (bsc#1175240) pybind/mgr/restful: use dict.items() for py3 compatible
         + (bsc#1175781) ceph-volume: lvmcache: print help correctly
         + spec: move python-enum34 into rhel 7 conditional
    
       - Update to 14.2.11-394-g9cbbc473c0:
         + Upstream 14.2.11 release see
           https://ceph.io/releases/v14-2-11-nautilus-released/
           * mgr/progress: Skip pg_summary update if _events dict is empty
             (bsc#1167477) (bsc#1172142) (bsc#1171956)
           * mgr/dashboard: Allow to edit iSCSI target with active session
             (bsc#1173339)
    
       - Update to 14.2.10-392-gb3a13b81cb:
         + Upstream 14.2.10 release see
           https://ceph.io/releases/v14-2-10-nautilus-released/
           * mgr: Improve internal python to c++ interface (bsc#1167477)
    
       - Update to 14.2.9-970-ged84cae0c9:
         + rgw: sanitize newlines in s3 CORSConfiguration's ExposeHeader
           (bsc#1171921, CVE-2020-10753)
    
       - Update to 14.2.9-969-g9917342dc8d:
         * rebase on top of upstream nautilus, SHA1
           ccd9c04f88e53aef7e4f1068ce1221fa3b97450d
         * cmake: Improve test for 16-byte atomic support on IBM Z
         * (jsc#SES-680) monitoring: add details to Prometheus alerts
         * (bsc#1155045) mgr/dashboard: add debug mode, and accept expected
           exception when SSL handshaking
         * (bsc#1152100) monitoring: alert for prediction of disk and pool fill
           up broken
         * (bsc#1155262) mgr/dashboard: iSCSI targets not available if any
           gateway is down
         * (bsc#1159689) os/bluestore: more flexible DB volume space usage
         * (bsc#1156087) ceph-volume: make get_devices fs location independent
         * (bsc#1156409) monitoring: wait before firing osd full alert
         * (bsc#1160626) mgr/dashboard: Unable to remove an iSCSI gateway that is
           already in use
         * (bsc#1161718) mount.ceph: remove arbitrary limit on size of name=
           option
         * (bsc#1162553) ceph-volume: strip _dmcrypt suffix in simple scan json
           output
         * (bsc#1163119) mgr/dashboard: Not able to restrict bucket creation for
           new user
         * (bsc#1164571) mgr/dashboard: Prevent iSCSI target recreation when
           editing controls
         * (bsc#1165713) mgr/dashboard: Repair broken grafana panels
         * (bsc#1165835) rgw: get barbican secret key request maybe return error
           code
         * (bsc#1165840) rgw: making implicit_tenants backwards compatible
         * (bsc#1166297) mgr/dashboard: Repair broken grafana panels
         * (bsc#1166393) mgr/dashboard: KeyError on dashboard reload
         * (bsc#1166624) mgr/dashboard: Fix iSCSI's username and password
           validation
         * (bsc#1166670) monitoring: root volume full alert fires false positives
         * (bsc#1166932) mgr: synchronize ClusterState's health and mon_status
         * (bsc#1168403) mgr/dashboard: Add more debug information to Dashboard
           RGW backend
         * (bsc#1169356) rgw: reshard: skip stale bucket id entries from reshard
           queue
         * (bsc#1170938) mon/OSDMonitor: allow trimming maps even if osds are down
         * (bsc#1171367) Set OSD's bluefs-buffered-io param to false by default
    
       - Version: 0.9.33
       - drop workarounds for old ceph-volume lvm batch command
    
       - runners/upgrade: Add SES6->7 pre-upgrade checks
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Enterprise Storage 6:
    
          zypper in -t patch SUSE-Storage-6-2020-3257=1
    
    
    
    Package List:
    
       - SUSE Enterprise Storage 6 (noarch):
    
          deepsea-0.9.33+git.0.ed16d26e-3.27.1
          deepsea-cli-0.9.33+git.0.ed16d26e-3.27.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2020-10753.html
       https://bugzilla.suse.com/1151612
       https://bugzilla.suse.com/1152100
       https://bugzilla.suse.com/1155045
       https://bugzilla.suse.com/1155262
       https://bugzilla.suse.com/1156087
       https://bugzilla.suse.com/1156409
       https://bugzilla.suse.com/1158257
       https://bugzilla.suse.com/1159689
       https://bugzilla.suse.com/1160626
       https://bugzilla.suse.com/1161718
       https://bugzilla.suse.com/1162553
       https://bugzilla.suse.com/1163119
       https://bugzilla.suse.com/1164571
       https://bugzilla.suse.com/1165713
       https://bugzilla.suse.com/1165835
       https://bugzilla.suse.com/1165840
       https://bugzilla.suse.com/1166297
       https://bugzilla.suse.com/1166393
       https://bugzilla.suse.com/1166624
       https://bugzilla.suse.com/1166670
       https://bugzilla.suse.com/1166932
       https://bugzilla.suse.com/1167477
       https://bugzilla.suse.com/1168403
       https://bugzilla.suse.com/1169134
       https://bugzilla.suse.com/1169356
       https://bugzilla.suse.com/1170487
       https://bugzilla.suse.com/1170938
       https://bugzilla.suse.com/1171367
       https://bugzilla.suse.com/1171921
       https://bugzilla.suse.com/1171956
       https://bugzilla.suse.com/1172142
       https://bugzilla.suse.com/1173339
       https://bugzilla.suse.com/1174591
       https://bugzilla.suse.com/1175061
       https://bugzilla.suse.com/1175240
       https://bugzilla.suse.com/1175781
    
