SUSE-SU-2017:3171-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:3171-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2017:3171-1
- Related
- Published
- 2017-12-01T10:31:17Z
- Modified
- 2017-12-01T10:31:17Z
- Summary
- Security update for ceph
- Details
-
This update provides Ceph 10.2.10, which brings fixes and enhancements:
This security issue was fixed:
- CVE-2017-7519: libradosstriper processes arbitrary printf placeholders in user input. (bsc#1043767)
- CVE-2016-9579: Do not abort RGW server when accepting a CORS request with short origin. (bsc#1014986)
These non-security issues were fixed:
- common: Add rdbmap to ceph-common. (bsc#1029482)
- tools/rados: Default to include clone objects when executing 'cache-flush-evict-all'. (bsc#1003891)
- mon, ceph-disk: Add lockbox permissions to bootstrap-osd. (bsc#1008435)
- cephvolumeclient: Fix recoverauth_meta() method. (bsc#1008501)
- systemd/ceph-disk: Reduce ceph-disk flock contention. (bsc#1012100)
- doc: Add verbiage to rbdmap manpage. (bsc#1015748)
- doc: Add Install section to systemd rbdmap.service file. (bsc#1015748)
- ceph systemd dependencies are wrong (bsc#1042973)
- ceph-disk omits '--runtime' when enabling ceph-osd units (was: ERROR: unable to open OSD superblock) (bsc#1051598)
- SES4: 23 osd's are down after patching node. (bsc#1056536)
- Invalid error code returned by MDS is causing a kernel client WARNING (bsc#1028109)
- systemctl stop rbdmap unmaps ALL rbds and not just the ones in /etc/ceph/rbdmap (bsc#1024691)
- documentation: man crushtool does not cover the '--show-mappings' parameter (bsc#1033786)
- swift | This returns with HTTP/1.1 401 Unauthorized (bsc#1015371)
- OSDs fail to start after server reboot (bsc#1025643)
- 'ceph-deploy mds destroy' not implemented (bsc#970642)
- References
-
- https://www.suse.com/support/update/announcement/2017/suse-su-20173171-1/
- https://bugzilla.suse.com/1003891
- https://bugzilla.suse.com/1008435
- https://bugzilla.suse.com/1008501
- https://bugzilla.suse.com/1012100
- https://bugzilla.suse.com/1014986
- https://bugzilla.suse.com/1015371
- https://bugzilla.suse.com/1015748
- https://bugzilla.suse.com/1024691
- https://bugzilla.suse.com/1025643
- https://bugzilla.suse.com/1028109
- https://bugzilla.suse.com/1029482
- https://bugzilla.suse.com/1033786
- https://bugzilla.suse.com/1042973
- https://bugzilla.suse.com/1043767
- https://bugzilla.suse.com/1051598
- https://bugzilla.suse.com/1056536
- https://bugzilla.suse.com/970642
- https://www.suse.com/security/cve/CVE-2016-9579
- https://www.suse.com/security/cve/CVE-2017-7519
Affected packages
SUSE:Enterprise Storage 3 / ceph
Package
- Name
- ceph
- Purl
- purl:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%203
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.2.10+git.1510313171.6d5f0aeac1-13.7.3
Ecosystem specific
{
"binaries": [
{
"rbd-mirror": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-osd": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"librbd1": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"python-ceph-compat": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-fuse": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-common": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-mds": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"librgw2": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"python-rbd": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"librados2": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-mon": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-test": "10.2.10+git.1510313171.6d5f0aeac1-13.7.2",
"rbd-nbd": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-radosgw": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"libcephfs1": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-base": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"python-rados": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"python-cephfs": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"libradosstriper1": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"rbd-fuse": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3"
}
]
}
SUSE:Enterprise Storage 3 / ceph-test
Package
- Name
- ceph-test
- Purl
- purl:rpm/suse/ceph-test&distro=SUSE%20Enterprise%20Storage%203
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.2.10+git.1510313171.6d5f0aeac1-13.7.2
Ecosystem specific
{
"binaries": [
{
"rbd-mirror": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-osd": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"librbd1": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"python-ceph-compat": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-fuse": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-common": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-mds": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"librgw2": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"python-rbd": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"librados2": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-mon": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-test": "10.2.10+git.1510313171.6d5f0aeac1-13.7.2",
"rbd-nbd": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-radosgw": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"libcephfs1": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"ceph-base": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"python-rados": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"python-cephfs": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"libradosstriper1": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3",
"rbd-fuse": "10.2.10+git.1510313171.6d5f0aeac1-13.7.3"
}
]
}