Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

SUSE Linux Enterprise: 2021:1108-1 Moderate: Ceph Security Update

suse
Calendar Grey April 8, 2021
Scroller Suse
The latest SUSE security update for Ceph brings vital improvements, addressing two vulnerabilities that compromised system stability and integrity, ensuring better security
An update that solves two vulnerabilities and has 12 fixes is now available

Summary

This update for ceph fixes the following issues: - ceph was updated to to 15.2.9 - cephadm: fix 'inspect' and 'pull' (bsc#1182766) - CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997) - CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905) - mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926) - mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679) - mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489) - cephadm: command_unit: call systemctl with verbose=True (bsc#1176828) - cephadm: silence "Failed to evict container" log msg (bsc#1177360) - mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails (bsc#1177857)

References

#1172926 #1176390 #1176489 #1176679 #1176828

#1177360 #1177857 #1178837 #1178860 #1178905

#1178932 #1179569 #1179997 #1182766

Cross- CVE-2020-25678 CVE-2020-27839

CVSS scores:

CVE-2020-25678 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVE-2020-27839 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

SUSE Linux Enterprise Module for Basesystem 15-SP2

SUSE Enterprise Storage 7

https://www.suse.com/security/cve/CVE-2020-25678.html

https://www.suse.com/security/cve/CVE-2020-27839.html

https://bugzilla.suse.com/1172926

https://bugzilla.suse.com/1176390

https://bugzilla.suse.com/1176489

https://bugzilla.suse.com/1176679

https://bugzilla.suse.com/1176828

https://bugzilla.suse.com/1177360

Announcement ID: SUSE-SU-2021:1108-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.