
SUSE: 2023:72-3 Critical: Patch for CephCSI Vulnerability Released

SUSE Container Update Advisory: ses/7/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:51-1
Container Tags        : ses/7/cephcsi/cephcsi:3.4.0 , ses/7/cephcsi/cephcsi:3.4.0.0.3.699 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.4.0 , ses/7/cephcsi/cephcsi:v3.4.0.0
Container Release     : 3.699
Severity              : important
Type                  : security
References            : 1169614 1174504 1180125 1183905 1191630 1192489 1193181 1193480 1193711
-----------------------------------------------------------------

The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released:    Tue Dec 28 10:39:50 2021
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1174504

This update for permissions fixes the following issues:

- Update to version 20181225:
  * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2-1
Released:    Mon Jan 3 08:27:18 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1183905,1193181

This update for lvm2 fixes the following issues:

- Fix lvconvert not taking `--stripes` option (bsc#1183905)
- Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released:    Mon Jan 3 08:28:54 2022
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1193480

This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:70-1
Released:    Thu Jan 13 15:25:27 2022
Summary:     Recommended update for python-configshell-fb
Type:        recommended
Severity:    moderate
References:

This update for python-configshell-fb fixes the following issues:

- Upgrade to latest upstream version v1.1.29 (jsc#SLE-17360):
  * setup.py: specify a version range for pyparsing
  * setup.py: lets stick to pyparsing v2.4.7
  * Don't warn if prefs file doesn't exist
- Update to version v1.1.28 from v1.1.27 (jsc#SLE-17360):
  * version 1.1.28
  * Ensure that all output reaches the client when daemonized
  * Remove Epydoc markup from command messages
  * Remove epydoc imports and epydoc calls

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:93-1
Released:    Tue Jan 18 05:11:58 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    important
References:  1192489

This update for openssl-1_1 fixes the following issues:

- Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:94-1
Released:    Tue Jan 18 05:13:24 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1180125,1193711

This update for rpm fixes the following issues:

- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:124-1
Released:    Wed Jan 19 05:03:04 2022
Summary:     Recommended update for shared-mime-info
Type:        recommended
Severity:    moderate
References:  1191630

This update for shared-mime-info fixes the following issues:

- Fix nautilus not launching applications because all applications are not detected as executable program but as shared library (bsc#1191630)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:141-1
Released:    Thu Jan 20 13:47:16 2022
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1169614

This update for permissions fixes the following issues:

- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:154-1
Released:    Mon Jan 24 07:02:02 2022
Summary:     Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook
Type:        recommended
Severity:    moderate
References:

This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook fixes the following issues:

- Update to 3.4.0
  Features:
  Beta: Below features have been lifted from its Alpha support to Beta
  * Snapshot creation and deletion
  * Volume restore from snapshot
  * Volume clone support
  * Volume/PV Metrics of File Mode Volume
  * Volume/PV Metrics of Block Mode Volume
  Alpha:
  * rbd-nbd volume mounter
  Enhancement:
  * Restore RBD snapshot to a different Pool
  * Snapshot schedule support for RBD mirrored PVC
  * Mirroring support for thick PVC
  * Multi-Tenant support for vault encryption
  * AmazonMetadata KMS provider support
  * rbd-nbd volume healer support
  * Locking enhancement for improving POD deletion performance
  * Improvements in lock handling for snap and clone operations
  * Better thick provisioning support
  * Create CephFS subvolume with VolumeNamePrefix
  * CephFS Subvolume path addition in PV object
  * Consumption of go-ceph APIs for various CephFS controller and node operations.
  * Resize of the RBD encrypted volume
  * Better error handling for GRPC
  * Golang profiling support for debugging
  * Updated Kubernetes sidecar versions to the latest release
  * Kubernetes dependency update to v1.21.2
  * Create storageclass and secrets using helm charts
  CI/E2E
  * Expansion of RBD encrypted volumes
  * Update and addition of new static golang tools
  * Kubernetes v1.21 support
  * Unit tests for SecretsKMS
  * Test for Vault with ServiceAccount per Tenant
  * E2E for user secret based metadata encryption
  * Update rook.sh and Ceph cluster version in E2E
  * Added RBD test for testing sc, secret via helm
  * Update feature gates setting from minikube.sh
  * Add CephFS test for sc, secret via helm
  * Add e2e for static PVC without imageFeature parameter
  * Make use of snapshot v1 API and client sets in e2e tests
  * Validate thick-provisioned PVC-PVC cloning
  * Adding retry support for various e2e failure scenarios
  * Refactor KMS configuration and usage
- Removed patch ceph-csi-locking.patch (got merged upstream)
- Update to v3.3.0
  * Feature
    * Add command line arguments to configure leader election options (#313, @RaunakShah)
    * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#308, @chrishenzie)
    * Updates Kubernetes dependencies to v1.22.0 (#321, @chrishenzie) [SIG Storage]
  * Bug or Regression
    * Fix a bug that the controller can panic crash when it receives DeletedFinalStateUnknown deletion event. (#304, @Jiawei0227)
  * Other (Cleanup or Flake)
    * Updates container-storage-interface dependency to v1.5.0 (#312, @chrishenzie)
    * Reuse the same gRPC CSI client for all CSI driver calls (#318, @yeya24)
- Update to v3.2.1
- Get rid of vendoring
- Update version of go to 1.16
- Update to v3.0.2
- Update version to 3.0.0
  * Feature
    * Add command line arguments to configure leader election options (#643, @RaunakShah)
    * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#630, @chrishenzie)
    * The provisioner sidecar now has an argument called controller-publish-readonly which sets the value of CSI PV spec readonly field value based on the PVC access mode. If this flag is set to true and the PVC access mode only contains the ROX access mode, the controller automatically sets PersistentVolume.spec.CSIPersistentVolumeSource.readOnly field to true. (#469, @humblec)
    * Updates Kubernetes dependencies to v1.22.0 (#660, @chrishenzie) [SIG Storage]
    * Updates container-storage-interface dependency to v1.5.0 (#644, @chrishenzie)
  * Bug or Regression
    * Fix a bug that not being able to use block device mode when enable a storage capacity tracking mode. (#635, @bells17)
    * Fix a data race in cloning protection controller (#651, @tksm)
    * Fix capacity information updates when topology changes. Only affected central deployment and network attached storage, not deployment on each node. This broke in v2.2.0 as part of a bug fix for capacity informer handling. (#617, @bai3shuo4)
    * Fix env name from POD_NAMESPACE to NAMESPACE for capacity-ownerref-level option. (#636, @bells17)
    * Fixed reporting of metrics when a migratable CSI driver is used. (#620, @jsafrane)
    * Newly provisioned CSI Migration enabled PV will have 'provisioned-by' annotation set to in-tree provisioner name instead of the CSI provisioner (#646, @wongma7)
- Update version to 2.2.2
- Get rid of vendoring
- Use go 1.16 for building
- Update version to 2.0.4
- Update to version 1.3.0
  * Other (Cleanup or Flake)
    * Updates Kubernetes dependencies to v1.22.0 (#165, @chrishenzie) [SIG Storage]
    * Updates container-storage-interface dependency to v1.5.0 (#156, @chrishenzie)
  * Feature
    * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#151, @chrishenzie)
    * leader-election-lease-duration, leader-election-renew-deadline and leader-election-retry-period were added to command line arguments to configure leader election options (#158, @RaunakShah)
- Update to version 1.2.0
- Get rid of vendoring
- Push go version to 1.16
- Update to version 1.0.1
- Update to version 4.2.0
  * Feature
    * Snapshot APIs
      * The namespace of the referenced VolumeSnapshot is printed when printing a VolumeSnapshotContent. (#535, @tsmetana)
    * Snapshot Controller
      * retry-interval-start and retry-interval-max arguments are added to common-controller which controls retry interval of failed volume snapshot creation and deletion. These values set the ratelimiter for snapshot and content queues. (#530, @humblec)
      * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for the snapshot controller. (#575, @bertinatto)
      * Adds an operations_in_flight metric for determining the number of snapshot operations in progress. (#519, @ggriffiths)
      * Introduced 'SnapshotCreated' and 'SnapshotReady' events. (#540, @rexagod)
    * CSI Snapshotter Sidecar
      * retry-interval-start and retry-interval-max arguments are added to csi-snapshotter sidecar which controls retry interval of failed volume snapshot creation and deletion. These values set the ratelimiter for volumesnapshotcontent queue. (#308, @humblec)
      * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for CSI snapshotter sidecar. (#538, @RaunakShah)
  * Bug or Regression
    * Snapshot Controller
      * Add process_start_time_seconds metric (#569, @saikat-royc)
      * Adds the leader election health check for the snapshot controller at /healthz/leader-election (#573, @ggriffiths)
      * Remove kube-system namespace verification during startup and instead list volumes across all namespaces (#515, @mauriciopoppe)
  * Other (Cleanup or Flake)
    * Updates Kubernetes dependencies to v1.22.0 (#570, @chrishenzie) [SIG Storage]
    * Updates csi-lib-utils dependency to v0.10.0 (#574, @chrishenzie)
    * Updates container-storage-interface dependency to v1.5.0 (#532, @chrishenzie)
    * Snapshot Validation Webhook
      * Changed the webhook image from distroless/base to distroless/static. (#550, @WanzenBug)
- Update to version 4.1.1
- Get rid of vendoring
- Update go-version to 1.16
- Update to version 3.0.2
- Update to version 2.3.0
  * Dockerfile.Windows args changed to ADDON_IMAGE and BASE_IMAGE (#146, @mauriciopoppe)
  * Updates Kubernetes dependencies to v1.22.0 (#159, @chrishenzie) [SIG Storage]
  * Updates csi-lib-utils dependency to v0.10.0 (#160, @chrishenzie)
  * New running modes, the kubelet-registration-probe mode checks if node-driver-registrar kubelet plugin registration succeeded. (#152, @mauriciopoppe)
  * Updates container-storage-interface dependency to v1.5.0 (#151, @chrishenzie)
- Update to version 2.2.0
  * Updated runtime (Go 1.16) and dependencies (#136, @pohly)
  * Update image and tag names for Windows to have separate parameters for nanoserver and servercore (#111, @jingxu97)
- Update to v1.7.7
  Rook v1.7.7 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator.
  * docs: Support ephemeral volumes with Ceph CSI RBD and CephFS driver (#9055, @humblec)
  * core: Allow downgrade of all daemons consistently (#9098, @travisn)
  * core: Reconcile once instead of multiple times after the cluster CR is edited (#9091, @leseb)
  * nfs: Add pool setting CR option (#9040, @leseb)
  * ceph: Trigger 'CephMonQuorumLost' alert when mon quorum is down (#9068, @aruniiird)
  * rgw: Updated livenessProbe and readinessProbe (#9080, @satoru-takeuchi)
  * mgr: Do not set the balancer mode on pacific (#9063, @leseb)
  * helm: Add appVersion property to the charts (#9051, @travisn)
  * rgw: Read tls secret hint for insecure tls (#9020, @leseb)
  * ceph: Ability to set labels on the crash collector (#9044, @leseb)
  * core: Treat cluster as not existing if the cleanup policy is set (#9041, @travisn)
  * docs: Document failover and failback scenarios for applications (#8411, @Yuggupta27)
  * ceph: Update endpoint with IP for external RGW server (#9010, @thotz)
- Combined gomod.patch and gosum.patch to vendor.patch
  * Patching module-files to match the SUSE build env
- Update to v1.7.6
  Rook v1.7.6 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator.
  * core: only merge stderr on error (#8995, @leseb)
  * nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya)
  * csi: fix comment for the provisioner and clusterID (#8990, @Madhu-1)
  * mon: Enable mon failover for the arbiter in stretch mode (#8984, @travisn)
  * monitoring: fixing the queries for alerts 'CephMgrIsAbsent' and 'CephMgrIsMissingReplicas' (#8985, @aruniiird)
  * osd: fix kms auto-detection when full TLS (#8867, @leseb)
  * csi: add affinity to csi version check job (#8965, @Rakshith-R)
  * pool: remove default value for pool compression (#8966, @leseb)
  * monitoring: handle empty ceph_version in ceph_mon_metadata to avoid raising misleading alert (#8947, @GowthamShanmugam)
  * nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya)
  * osd: print the c-v output when inventory command fails (#8971, @leseb)
  * helm: remove chart content not in common.yaml (#8884, @BlaineEXE)
  * rgw: replace period update --commit with function (#8911, @BlaineEXE)
  * rgw: fixing ClientID of log-collector for RGW instance (#8889, @parth-gr)
  * mon: run ceph commands to mon with timeout (#8939, @leseb)
  * osd: do not hide errors (#8933, @leseb)
  * rgw: use trace logs for RGW admin HTTP info (#8937, @BlaineEXE)
- Update to v1.7.5
  Rook v1.7.5 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator.
  * Update csi sidecar references to the latest versions (#8820, @humblec)
  * No longer install the VolumeReplication CRDs from Rook (#8845, @travisn)
  * Initialize rbd block pool after creation (#8923, @Rakshith-R)
  * Close stdoutPipe for the discovery daemon (#8917, @subhamkrai)
  * Add documentation to recover a pod from a lost node (#8742, @subhamkrai)
  * Increasing the auto-resolvable alerts delay to 15m (#8896, @aruniiird)
  * Change CephAbsentMgr to use 'up' query (#8882, @aruniiird)
  * Adding 'namespace' field to the needed ceph queries (#8901, @aruniiird)
  * Update period if period does not exist (#8828, @BlaineEXE)
  * Do not fail on KMS keys deletion (#8868, @leseb)
  * Do not build all the multus args to remote exec cmd (#8860, @leseb)
  * Fix external script when passing monitoring list (#8807, @leseb)
  * Use insecure TLS for bucket health check (#8712, @leseb)
  * Add PVC privileges to the rook-ceph-purge-osd service account (#8833, @ashangit)
  * Fix the example of local PVC-based cluster (#8846, @satoru-takeuchi)
  * Add signal handling for log collector (#8806, @leseb)
  * Prometheus rules format changes (#8774, @aruniiird)
  * Add namespace to ceph node down query (#8793, @aruniiird)
- Added gomod.patch and gosum.patch
  * Patching module-files to match the SUSE build env
- Update to v1.7.4
  Rook v1.7.4 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator.
  * Add missing error type check to exec (#8751, @BlaineEXE)
  * Raise minimum supported version of Ceph-CSI to v3.3.0 (#8803, @humblec)
  * Set the Ceph v16.2.6 release as the default version (#8743, @leseb)
  * Pass region to newS3agent() (#8766, @thotz)
  * Remove unnecessary CephFS provisioner permission (#8739, @Madhu-1)
  * Configurable csi provisioner replica count (#8801, @Madhu-1)
  * Allow setting the default storageclass for a filesystem in the helm chart (#8771, @kubealex)
  * Retry object health check if creation fails (#8708, @BlaineEXE)
  * Use the admin socket for the mgr liveness probe (#8721, @jmolmo)
  * Correct the CephFS mirroring documentation (#8732, @leseb)
  * Reconcile OSD PDBs if allowed disruption is 0 (#8698, @sp98)
  * Add peer spec migration to upgrade doc (#8435, @BlaineEXE)
  * Fix lvm osd db device check (#8267, @lyind)
  * Refactor documentation to simplify for the Ceph provider (#8693, @travisn)
  * Emphasize unit tests in the development guide (#8685, @BlaineEXE)
- Update to v1.7.3
  Rook Ceph v1.7.3 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Cassandra and NFS have moved to their own repos. All improvements in this repo starting from this release will only be for the Ceph storage provider. (#8619, @BlaineEXE)
  * Image list for offline installation can be found in images.txt (#8596, @subhamkrai)
  * Add networking.k8s.io/v1 Ingress chart compatibility (#8666, @hall)
  * Modify the log info when ok to continue fails (#8675, @subhamkrai)
  * Print the output on errors from ceph-volume (#8670, @leseb)
  * Add quota and capabilities configuration for CephObjectStore users (#8211, @thotz)
  * Fix pool deletion when uninstalling a multus cluster configuration (#8659, @leseb)
  * Use node externalIP if no internalIP defined (#8653, @JrCs)
  * Fix CephOSDCriticallyFull and CephOSDNearFull monitoring alert queries (#8668, @Muyan0828)
  * Fix CephMonQuorumAtRisk monitoring alert query (#8652, @anmolsachan)
  * Allow an even number of mons (#8636, @travisn)
  * Create a pod disruption budget for the Ceph mgr deployment when two mgrs are requested (#8593, @parth-gr)
  * Fix error message in UpdateNodeStatus (#8629, @hiroyaonoe)
  * Avoid multiple reconciles of ceph cluster due to the ipv4 default setting (#8638, @leseb)
  * Avoid duplicate ownerReferences (#8615, @YZ775)
  * Auto grow OSDs size on PVCs based on prometheus metrics (#8078, @parth-gr)
  * External cluster configuration script fixed for backward compatibility with python2 (#8623, @aruniiird)
  * Fix vault kv secret engine auto-detection (#8618, @leseb)
  * Add ClusterID and PoolID mappings between local and peer cluster (#8626, @sp98)
  * Set the filesystem status when mirroring is not enabled (#8609, @travisn)
- Update to v1.7.2
  Rook v1.7.2 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Merge toleration for osd/prepareOSD pod if specified both places (#8566, @subhamkrai)
    * Fix panic when recreating the csidriver object (#8582, @Madhu-1)
    * Build with latest golang v1.16.7 (#8540, @BlaineEXE)
    * Do not check ok-to-stop when OSDs are in CLBO (#8583, @leseb)
    * Convert util.NewSet() to sets.NewString() (#8584, @parth-gr)
    * Add support for update() from lib-bucket-provisioner (#8514, @thotz)
    * Signal handling with context (#8441, @leseb)
    * Make storage device config nullable (#8552, @BlaineEXE)
    * Allow K8s version check on prerelease versions (#8561, @subhamkrai)
    * Add permissions to rook-ceph-mgr role for osd removal in rook orchestrator (#8568, @josephsawaya)
    * Use serviceAccountName as the key in ceph csi templates (#8546, @humblec)
    * Consolidate the calls to set mon config (#8590, @travisn)
  * NFS
    * Upgrade nfs-ganesha to 3.5 version (#8534, @kam1kaze)
- Update to v1.7.1
  Rook v1.7.1 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Update Ceph CSI version to v3.4.0 (#8425, @Madhu-1)
    * Add ability to specify the CA bundle for RGW (#8492, @degorenko)
    * Remove unused mon timeout cli flags (#8489, @leseb)
    * Add an option to enable/disable merge all placement (#8381, @subhamkrai)
    * Refuse to failover the arbiter mon on stretch clusters (#8520, @travisn)
    * Improve topology example of cluster on local pvc (#8491, @satoru-takeuchi)
- Update to v1.7.0
  v1.7.0 is a minor release with features primarily for the Ceph operator.

  K8s Version Support
  Kubernetes supported versions: 1.11 and newer.

  Upgrade Guides
  If you are running a previous Rook version, please see the corresponding storage provider upgrade guide:
  * Ceph

  Breaking Changes
  Ceph Clusters with multiple filesystems will need to update their Ceph version to Pacific. The Operator configuration option ROOK_ALLOW_MULTIPLE_FILESYSTEMS has been removed in favor of simply verifying the Ceph version is at least Pacific where multiple filesystems are fully supported.

  Features
  Ceph
  * Official Ceph images are now being published to quay.io. To pick up the latest version of Ceph, the image field of your CephCluster spec must be updated to point to quay. See the example cluster.
  * Add support for creating Hybrid Storage Pools.
    * A hybrid storage pool creates a CRUSH rule for choosing the primary OSD for high performance devices (ssd, nvme, etc) and the remaining OSD for low performance devices (hdd).
    * See the design and Ceph docs for more details.
  * Add support for CephFS mirroring peer configuration. See the configuration for more details.
  * Add support for Kubernetes TLS secrets for referring TLS certs needed for the Ceph RGW server.
  * Stretch clusters are considered stable
    * Ceph v16.2.5 or greater is required for stretch clusters
  * The use of peer secret names in CephRBDMirror is deprecated. Please use CephBlockPool CR to configure peer secret names and import peers. See the mirroring section in the CephBlockPool spec for more details.
  * Add user data protection when deleting Rook-Ceph Custom Resources. See the design for detailed information.
    * A CephCluster will not be deleted if there are any other Rook-Ceph Custom resources referencing it with the assumption that they are using the underlying Ceph cluster.
    * A CephObjectStore will not be deleted if there is a bucket present. In addition to protection from deletion when users have data in the store, this implicitly protects these resources from being deleted when there is a referencing ObjectBucketClaim present.
  Cassandra
  * CRDs converted from v1beta1 to v1
    * Schema is generated from the internal types for more complete validation
    * Minimum K8s version for the v1 CRDs is K8s 1.16
  NFS
  * CRDs converted from v1beta1 to v1
    * Schema is generated from the internal types for more complete validation
    * Minimum K8s version for the v1 CRDs is K8s 1.16
- Update to v1.6.10
  Rook v1.6.10 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Reconcile OSD PDB if allowed disruptions are 0 (#8698)
    * Merge tolerations for the OSDs if specified in both all and osd placement (#8630)
    * External cluster script compatibility with python2 (#8623)
    * Do not check ok-to-stop when OSDs are in CLBO (#8583)
    * Fix panic when recreating the csidriver object (#8582)
- Update to v1.6.9
  Rook v1.6.9 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Make storage device config nullable (#8552)
    * Build with latest golang v1.16.7 (#8540)
    * Refuse to failover the arbiter mon on stretch clusters (#8520)
    * Add an option to enable/disable merge all placement (#8381)
    * Update ancillary monitoring resources (#8406)
    * Updated mon health check goroutine for reconfiguring patch values (#8370)
    * Releases for v1.6 are now based on Github actions instead of Jenkins (#8525 #8564)
- Update to v1.6.8
  Rook v1.6.8 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Re-enable lvm mode for OSDs on disks. See details to know if your OSDs are affected by unexpected partitions (#8319)
    * Update test to watch for v1 cronjob instead of v1beta1 (#8356)
    * Update PodDisruptionBudget from v1beta1 to v1 (#7977)
    * Add support for tls certs via k8s tls secrets for rgw (#8243)
    * Create correct ClusterRoleBinding for helm chart in namespace other than rook-ceph (#8344)
    * If two mgrs, ensure services are reconciled with the cluster (#8330)
    * Proxy rbd commands when multus is enabled (#8339)
    * Proxy ceph command when multus is configured (#8272)
    * Ensure OSD keyring exists at OSD pod start (#8155)
    * Add an example of a pvc-based ceph cluster on baremetal (#7969)
    * Mount /dev for the OSD daemon on lv-backed pvc (#8304)
    * Add ceph cluster context for lib bucket provisioning reconcile (#8310)
    * Create PDBs for all rgw and cephfs (#8301)
    * Always rehydrate the access and secret keys (#8286)
    * Fix PDB of RGW instances (#8274)
    * Ability to disable pool mirroring (#8215)
    * Fetch rgw port from the CephObjectStore the OBC (#8244)
    * Enable debug logging for adminops client log level is debug (#8208)
    * Update blockPoolChannel before starting the mirror monitoring (#8222)
    * Scaling down nfs deployment was failing (#8250)
- removed update-tarball.sh (_service file will be used instead)
- Update to v1.6.7
  Rook v1.6.7 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Ignore atari partitions for OSDs when scanning disks. This is a partial fix for multiple OSDs being created unexpectedly per disk, causing OSD corruption. See details to know if your OSDs are affected (#8195)
    * Update CSIDriver object from betav1 to v1 (#8029)
    * Retry cluster reconcile immediately after cancellation (#8237)
    * Avoid operator resource over-usage when configuring RGW pools and memory limits are applied (#8238)
    * Remove k8s.io/kubernetes as a code dependency (#7913)
    * Silence harmless errors if the operator is still initializing (#8227)
    * If MDS resource limits are not set, assign mds_cache_memory_limit = resource requests * 0.8 (#8180)
    * Do not require rgw instances spec for external clusters (#8219)
    * Add tls support to external rgw endpoint (#8092)
    * Stop overwriting shared livenessProbe when overridden (#8206)
    * Update cluster-on-pvc example for proper OSD scheduling (#8199)
- Update to v1.6.6
  Rook v1.6.6 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Update csi sidecar images to latest release (#8125)
    * Update csi node-driver-registrar to latest release (#8190)
    * Evict a mon if colocated with another mon (#8181)
    * Enable logging in legacy LVM OSD daemons (#8175)
    * Do not leak key encryption key to the log (#8173)
    * Read and validate CSI params in a goroutine (#8140)
    * Only require rgw-admin-ops user when an RGW endpoint is provided (#8164)
    * Avoid unnecessary OSD restarts when multus is configured (#8142)
    * Use cacert if no client cert/key are present for OSD encryption with Vault (#8157)
    * Mons in stretch cluster should be assigned to a node when using dataDirHostPath (#8147)
    * Support cronjob v1 for newer versions of K8s to avoid deprecated v1beta1 (#8114)
    * Initialise httpclient for bucketchecker and objectstoreuse (#8139)
    * Activate osd container should use correct host path for config (#8137)
    * Set device class for already present osd deployments (#8134)
    * No need for --force when creating filesystem (#8130)
    * Expose enableCSIHostNetwork correctly in the helm chart (#8074)
    * Add RBAC for mgr to create service monitor (#8118)
    * Update operator internal controller runtime and k8s reference version (#8087)
- Update to v1.6.5
  Rook v1.6.5 is a patch release limited in scope and focusing on small feature additions and bug fixes. We are happy to announce the availability of a Helm chart to configure the CephCluster CR. Please try it out and share feedback! We would like to declare it stable in v1.7.
  * Ceph
    * Experimental Helm chart for CephClusters (#7778)
    * Disable insecure global id if no insecure clients are detected. If insecure clients are still required, see these instructions. (#7746)
    * Enable host networking by default in the CSI driver due to issues with client IO hangs when the driver restarts (#8102)
    * Add a disaster recovery guide for an accidentally deleted CephCluster CR (#8040)
    * Do not fail prepareOSD job if devices are not passed (#8098)
    * Ensure MDS and RGW are upgraded anytime the ceph image changes (#8060)
    * External cluster config enables v1 address type when enabling v2 (#8083)
    * Create object pools in parallel for faster object store reconcile (#8082)
    * Fix detection of delete event reconciliation (#8086)
    * Use RGW admin API for s3 user management (#7998)
- Update to v1.6.4
  Rook v1.6.4 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Support for separate tolerations and affinities for rbd and cephfs CSI drivers (#8006)
    * Update ceph version to 15.2.13 (#8004)
    * External cluster upgrades fix for CRD schema (#8042)
    * Build with golang 1.16 instead of 1.15 (#7945)
    * Retry starting CSI drivers on initial failure (#8020)
    * During uninstall stop monitoring rbd mirroring before cleanup (#8031)
    * Update the backend path for RGW transit engine (#8008)
    * If reducing mon count only remove one extra mon per health check (#8011)
    * Parse radosgw-admin json properly for internal commands (#8000)
    * Expand OSD PVCs only if the underlying storage class allow expansion (#8001)
    * Allow the operator log level to be changed dynamically (#7976)
    * Pin experimental volume replication to release-v0.1 branch (#7985)
    * Remove '--site-name' arg when creating bootstrap peer token (#7986)
    * Do not configure external metric endpoint if not present (#7974)
    * Helm chart to allow multiple filesystems (#7930)
    * Rehydrate the bootstrap peer token secret on monitor changes (#7935)
- Update to v1.6.3
  Rook v1.6.3 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Ensure correct devices are started for OSDs after node restart (#7951)
    * Write reconcile results to events on the CephCluster CR (#7222)
    * Updated dashboard ingress example for networking v1 (#7933)
    * Remove obsolete gateway type setting in object store CRD (#7919)
    * Support specifying only public network or only cluster network or both (#7546)
    * Generate same operator deployment for OKD as OCP (#7898)
    * Ensure correct hostpath lock for OSD integrity (#7886)
    * Improve resilience of mon failover if operator is restarted during failover (#7884)
    * Disallow overriding the liveness probe handler function (#7889)
    * Actively update the service endpoint for external mgr (#7875)
    * Remove obsolete CSI statefulset template path vars from K8s 1.13 (#7877)
    * Create crash collector pods after mon secret created (#7867)
    * OSD controller only updates PDBs during node drains instead of any OSD down event (#7726)
    * Allow heap dump generation when logCollector sidecar is not running (#7847)
    * Add nullable to object gateway settings (#7857)
- Update to v1.6.2
  Rook v1.6.2 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Set base Ceph operator image and example deployments to v16.2.2 (#7829)
    * Update snapshot APIs from v1beta1 to v1 (#7711)
    * Documentation for creating static PVs (#7782)
    * Allow setting primary-affinity for the OSD (#7807)
    * Remove unneeded debug log statements (#7526)
    * Preserve volume claim template annotations during upgrade (#7835)
    * Allow re-creating erasure coded pool with different settings (#7820)
    * Double mon failover timeout during a node drain (#7801)
    * Remove unused volumesource schema from CephCluster CRD (#7813)
    * Set the device class on raw mode osds (#7815)
    * External cluster schema fix to allow not setting mons (#7789)
    * Add phase to the CephFilesystem CRD (#7752)
    * Generate full schema for volumeClaimTemplates in the CephCluster CRD (#7631)
    * Automate upgrades for the MDS daemon to properly scale down and scale up (#7445)
    * Add Vault KMS support for object stores (#7385)
    * Ensure object store endpoint is initialized when creating an object user (#7633)
    * Support for OBC operations when RGW is configured with TLS (#7764)
    * Preserve the OSD topology affinity during upgrade for clusters on PVCs (#7759)
    * Unify timeouts for various Ceph commands (#7719)
    * Allow setting annotations on RGW service (#7598)
    * Expand PVC size of mon daemons if requested (#7715)
- Update to v1.6.1
  Rook v1.6.1 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Disable host networking by default in the CSI plugin with option to enable (#7356)
    * Fix the schema for erasure-coded pools so replication size is not required (#7662)
    * Improve node watcher for adding new OSDs (#7568)
    * Operator base image updated to v16.2.1 (#7713)
    * Deployment examples updated to Ceph v15.2.11 (#7733)
    * Update Ceph-CSI to v3.3.1 (#7724)
    * Allow any device class for the OSDs in a pool instead of restricting the schema (#7718)
    * Fix metadata OSDs for Ceph Pacific (#7703)
    * Allow setting the initial CRUSH weight for an OSD (#7472)
    * Fix object store health check in case SSL is enabled (#7331)
    * Upgrades now ensure latest config flags are set for MDS and RGW (#7681)
    * Suppress noisy RGW log entry for radosgw-admin commands (#7663)
- Update to v1.6.0
  * Major Themes
    v1.6.0 is a minor release with features primarily for the Ceph operator.
  * K8s Version Support
    Kubernetes supported versions: 1.11 and newer
  * Upgrade Guides
    If you are running a previous Rook version, please see the corresponding storage provider upgrade guide:
    * Ceph
  * Breaking Changes
    * Removed Storage Providers
      Each storage provider is unique and requires time and attention to properly develop and support. After much discussion with the community, we have decided to remove three storage providers from Rook in order to focus our efforts on storage providers that have active community support. See the project status for more information. These storage providers have been removed:
      * CockroachDB
      * EdgeFS
      * YugabyteDB
    * Ceph
      Support for creating OSDs via Drive Groups was removed. Please refer to the Ceph upgrade guide for migration instructions.
  * Features
    * Ceph
      * Ceph Pacific (v16) support, including features such as:
        * Multiple Ceph Filesystems
        * Networking dual stack
      * CephFilesystemMirror CRD to support mirroring of CephFS volumes with Pacific
      * Ceph CSI Driver
        * CSI v3.3.0 driver enabled by default
        * Volume Replication Controller for improved RBD replication support
        * Multus support
        * GRPC metrics disabled by default
      * Ceph RGW
        * Extended the support of vault KMS configuration
        * Scale with multiple daemons with a single deployment instead of a separate deployment for each rgw daemon
      * OSDs:
        * LVM is no longer used to provision OSDs as of Nautilus 14.2.14, Octopus 15.2.9, and Pacific 16.2.0, simplifying the OSDs on raw devices, except for encrypted OSDs and multiple OSDs per device.
        * More efficient updates for multiple OSDs at the same time (in the same failure domain) to speed up upgrades for larger Ceph clusters
      * Multiple Ceph mgr daemons are supported for stretch clusters and other clusters where HA of the mgr is critical (set count: 2 under mgr in the CephCluster CR)
      * Pod Disruption Budgets (PDBs) are enabled by default for Mon, RGW, MDS, and OSD daemons. See the disruption management settings.
      * Monitor failover can be disabled, for scenarios where maintenance is planned and automatic mon failover is not desired
      * CephClient CRD has been converted to use the controller-runtime library

The following package changes have been done:

- ceph-csi-3.4.0+git0.94ef181bc-5.24.3 updated
- device-mapper-1.02.163-8.39.1 updated
- libdevmapper-event1_03-1.02.163-8.39.1 updated
- libdevmapper1_03-1.02.163-8.39.1 updated
- libgcrypt20-hmac-1.8.2-8.42.1 updated
- libgcrypt20-1.8.2-8.42.1 updated
- liblvm2cmd2_03-2.03.05-8.39.1 updated
- libopenssl1_1-hmac-1.1.1d-11.38.1 updated
- libopenssl1_1-1.1.1d-11.38.1 updated
- lvm2-2.03.05-8.39.1 updated
- openssl-1_1-1.1.1d-11.38.1 updated
- permissions-20181225-23.12.1 updated
- python3-configshell-fb-1.1.29-3.3.1 updated
- rpm-4.14.1-22.7.1 updated
- shared-mime-info-1.12-3.3.1 updated
- container:ceph-image-1.0.0-6.93 updated

This notification outlines an essential revision for cephcsi within SUSE container environments, responding to numerous safety issues.

Severity: Important. LinuxSecurity.com Team

Jan 25, 2022 Important SuSE

Ubuntu 10.04 LTS: 1001-1 Moderate: LVM2 Credential Issue DoS

The cluster logical volume manager daemon (clvmd) in LVM2 did not correctly validate credentials. A local user could use this flaw to manipulate logical volumes without root privileges and cause a denial of service in the cluster.

==========================================================
Ubuntu Security Notice USN-1001-1 October 06, 2010
lvm2 vulnerability
CVE-2010-2526
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  clvm 2.02.02-1ubuntu1.6
Ubuntu 8.04 LTS:
  clvm 2.02.26-1ubuntu9.1
Ubuntu 9.04:
  clvm 2.02.39-0ubuntu9.1
Ubuntu 9.10:
  clvm 2.02.39-0ubuntu11.1
Ubuntu 10.04 LTS:
  clvm 2.02.54-1ubuntu4.1

In general, a standard system update will make all the necessary changes. In a clustering environment, you need to restart clvmd after the update.

Details follow:

The cluster logical volume manager daemon (clvmd) in LVM2 did not correctly validate credentials. A local user could use this flaw to manipulate logical volumes without root privileges and cause a denial of service in the cluster.
Severity: Important. LinuxSecurity.com Team

Oct 06, 2010 Important Ubuntu

Debian 5.0 moderate: lvm2 clvmd Denial Of Service Issue

------------------------------------------------------------------------
Debian Security Advisory DSA-2095-1
http://www.debian.org/security/                        Giuseppe Iuculano
August 23, 2010                       http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : lvm2
Vulnerability  : insecure communication protocol
Problem type   : local
Debian-specific: no
CVE Id         : CVE-2010-2526
Debian Bug     : 591204

Alasdair Kergon discovered that the cluster logical volume manager daemon (clvmd) in lvm2, The Linux Logical Volume Manager, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service.

For the stable distribution (lenny), this problem has been fixed in version 2.02.39-8

For the testing distribution (squeeze), and the unstable distribution (sid), this problem has been fixed in version 2.02.66-3

We recommend that you upgrade your lvm2 package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Ubuntu security notice USN-4321-1 provides a resolution for a local denial of service issue stemming from the lvm2's clvmd service, which suffers from unprotected socket communication.

Severity: Important. LinuxSecurity.com Team

Aug 23, 2010 Important Debian