SUSE-SU-2015:1102-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2015/suse-su-20151102-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1102-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:1102-1
Related
Published
2015-05-31T20:53:33Z
Modified
2015-05-31T20:53:33Z
Summary
Security update for SES 1.0
Details

This collective update for SUSE Enterprise Storage 1.0 provides fixes and enhancements.

ceph (update to version 0.80.9):

  • Support non-ASCII characters. (bnc#907510)
  • Fixes issue with more than one OSD / MON on same node. (bnc#927862)
  • Reinstates Environment=CLUSTER=ceph lines removed by last patch. (bnc#915567)
  • Use same systemd service files for all cluster names. (bnc#915567)
  • In OSDMonitor fallback to json-pretty in case of invalid formatter. (bnc#919313)
  • Increase max files to 131072 for ceph-osd daemon. (bnc#924894)
  • Fix 'OSDs shutdown during rados benchmark tests'. (bnc#924269)
  • Add SuSEfirewall2 service files for Ceph MON, OSD and MDS. (bnc#919091)
  • Added support for multiple cluster names with systemd to ceph-disk. (bnc#915567)
  • Move udev rules for rbd devices to the client package ceph-common.
  • Several issues reported upstream have been fixed: #9973 #9918 #9907 #9877 #9854 #9587 #9479 #9478 #9254 #5595 #10978 #10965 #10907 #10553 #10471 #10421 #10307 #10299 #10271 #10271 #10270 #10262 #10103 #10095.

ceph-deploy:

  • Drop support for multiple customer names on the same hardware. (bsc#915567)
  • Check for errors when generating rgw keys. (bsc#915783)
  • Do not import new repository keys automatically when installing packages with Zypper. (bsc#919965)
  • Improved detection of disk vs. OSD block devices with a simple set of tests. (bsc#889053)
  • Do not create keyring files as world-readable. (bsc#920926, CVE-2015-3010)
  • Added support for multiple cluster names with systemd to ceph-disk. (bnc#915567)

calamari-clients:

  • Reduce krakenFailThreshold to 5 minutes. (bsc#903007)

python-Pillow (update to version 2.7.0):

  • Fix issues in Jpeg2KImagePlugin and IcnsImagePlugin which could have allowed denial of service attacks. (CVE-2014-3598, CVE-2014-3589)

python-djangorestframework:

  • Escape URLs when replacing format= query parameter, as used in dropdown on GET button in browsable API to allow explicit selection of JSON vs HTML output. (bsc#929914)
  • Escape request path when it is include as part of the login and logout links in the browsable API. (bsc#929886)

For a comprehensive list of changes please refer to each package's change log.

References

Affected packages

SUSE:Enterprise Storage 1.0 / calamari-clients

Package

Name
calamari-clients
Purl
purl:rpm/suse/calamari-clients&distro=SUSE%20Enterprise%20Storage%201.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.2+git.1428648634.40dfe5b-3.1

Ecosystem specific 

{
    "binaries": [
        {
            "python-djangorestframework": "2.3.12-4.2",
            "ceph-deploy": "1.5.19+git.1431355031.6178cf3-9.1",
            "librbd1": "0.80.9-5.1",
            "python-ceph": "0.80.9-5.1",
            "ceph-fuse": "0.80.9-5.1",
            "ceph-common": "0.80.9-5.1",
            "calamari-clients": "1.2.2+git.1428648634.40dfe5b-3.1",
            "librados2": "0.80.9-5.1",
            "ceph": "0.80.9-5.1",
            "rbd-fuse": "0.80.9-5.1",
            "ceph-test": "0.80.9-5.1",
            "ceph-radosgw": "0.80.9-5.1",
            "libcephfs1": "0.80.9-5.1",
            "python-Pillow": "2.7.0-4.1"
        }
    ]
}

SUSE:Enterprise Storage 1.0 / ceph

Package

Name
ceph
Purl
purl:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%201.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.80.9-5.1

Ecosystem specific 

{
    "binaries": [
        {
            "python-djangorestframework": "2.3.12-4.2",
            "ceph-deploy": "1.5.19+git.1431355031.6178cf3-9.1",
            "librbd1": "0.80.9-5.1",
            "python-ceph": "0.80.9-5.1",
            "ceph-fuse": "0.80.9-5.1",
            "ceph-common": "0.80.9-5.1",
            "calamari-clients": "1.2.2+git.1428648634.40dfe5b-3.1",
            "librados2": "0.80.9-5.1",
            "ceph": "0.80.9-5.1",
            "rbd-fuse": "0.80.9-5.1",
            "ceph-test": "0.80.9-5.1",
            "ceph-radosgw": "0.80.9-5.1",
            "libcephfs1": "0.80.9-5.1",
            "python-Pillow": "2.7.0-4.1"
        }
    ]
}

SUSE:Enterprise Storage 1.0 / ceph-deploy

Package

Name
ceph-deploy
Purl
purl:rpm/suse/ceph-deploy&distro=SUSE%20Enterprise%20Storage%201.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.19+git.1431355031.6178cf3-9.1

Ecosystem specific 

{
    "binaries": [
        {
            "python-djangorestframework": "2.3.12-4.2",
            "ceph-deploy": "1.5.19+git.1431355031.6178cf3-9.1",
            "librbd1": "0.80.9-5.1",
            "python-ceph": "0.80.9-5.1",
            "ceph-fuse": "0.80.9-5.1",
            "ceph-common": "0.80.9-5.1",
            "calamari-clients": "1.2.2+git.1428648634.40dfe5b-3.1",
            "librados2": "0.80.9-5.1",
            "ceph": "0.80.9-5.1",
            "rbd-fuse": "0.80.9-5.1",
            "ceph-test": "0.80.9-5.1",
            "ceph-radosgw": "0.80.9-5.1",
            "libcephfs1": "0.80.9-5.1",
            "python-Pillow": "2.7.0-4.1"
        }
    ]
}

SUSE:Enterprise Storage 1.0 / python-Pillow

Package

Name
python-Pillow
Purl
purl:rpm/suse/python-Pillow&distro=SUSE%20Enterprise%20Storage%201.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.0-4.1

Ecosystem specific 

{
    "binaries": [
        {
            "python-djangorestframework": "2.3.12-4.2",
            "ceph-deploy": "1.5.19+git.1431355031.6178cf3-9.1",
            "librbd1": "0.80.9-5.1",
            "python-ceph": "0.80.9-5.1",
            "ceph-fuse": "0.80.9-5.1",
            "ceph-common": "0.80.9-5.1",
            "calamari-clients": "1.2.2+git.1428648634.40dfe5b-3.1",
            "librados2": "0.80.9-5.1",
            "ceph": "0.80.9-5.1",
            "rbd-fuse": "0.80.9-5.1",
            "ceph-test": "0.80.9-5.1",
            "ceph-radosgw": "0.80.9-5.1",
            "libcephfs1": "0.80.9-5.1",
            "python-Pillow": "2.7.0-4.1"
        }
    ]
}

SUSE:Enterprise Storage 1.0 / python-djangorestframework

Package

Name
python-djangorestframework
Purl
purl:rpm/suse/python-djangorestframework&distro=SUSE%20Enterprise%20Storage%201.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.12-4.2

Ecosystem specific 

{
    "binaries": [
        {
            "python-djangorestframework": "2.3.12-4.2",
            "ceph-deploy": "1.5.19+git.1431355031.6178cf3-9.1",
            "librbd1": "0.80.9-5.1",
            "python-ceph": "0.80.9-5.1",
            "ceph-fuse": "0.80.9-5.1",
            "ceph-common": "0.80.9-5.1",
            "calamari-clients": "1.2.2+git.1428648634.40dfe5b-3.1",
            "librados2": "0.80.9-5.1",
            "ceph": "0.80.9-5.1",
            "rbd-fuse": "0.80.9-5.1",
            "ceph-test": "0.80.9-5.1",
            "ceph-radosgw": "0.80.9-5.1",
            "libcephfs1": "0.80.9-5.1",
            "python-Pillow": "2.7.0-4.1"
        }
    ]
}