SUSE-SU-2019:2736-1

Source
https://www.suse.com/support/update/announcement/2019/suse-su-20192736-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:2736-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2019:2736-1
Related
Published
2019-10-22T09:07:31Z
Modified
2019-10-22T09:07:31Z
Summary
Security update for ceph, ceph-iscsi, ses-manual_en
Details

This update for ceph, ceph-iscsi and ses-manual_en fixes the following issues:

Security issues fixed:

  • CVE-2019-10222: Fixed RGW crash caused by unauthenticated clients. (bsc#1145093)

Non-security issues-fixed:

  • ceph-volume: prints errors to stdout with --format json (bsc#1132767)
  • mgr/dashboard: Changing rgw-api-host does not get effective without disable/enable dashboard mgr module (bsc#1137503)
  • mgr/dashboard: Silence Alertmanager alerts (bsc#1141174)
  • mgr/dashboard: Fix e2e failures caused by webdriver version (bsc#1145759)
  • librbd: always try to acquire exclusive lock when removing image (bsc#1149093)
  • The no{up,down,in,out} related commands have been revamped (bsc#1151990)
  • radosgw-admin gets two new subcommands for managing expire-stale objects. (bsc#1151991)
  • Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from SES5 breaks pool utilization stats reported by ceph df (bsc#1151992)
  • Ceph cluster will no longer issue a health warning if CRUSH tunables are older than 'hammer' (bsc#1151993)
  • Nautilus-based librbd clients can not open images on Jewel clusters (bsc#1151994)
  • The RGW numradoshandles has been removed in Ceph 14.2.3 (bsc#1151995)
  • 'osddeepscrublargeomapobjectkey_threshold' has been lowered in Nautilus 14.2.3 (bsc#1152002)
  • Support iSCSI target-level CHAP authentication (bsc#1145617)
  • Validation and render of iSCSI controls based 'type' (bsc#1140491)
  • Fix error editing iSCSI image advanced settings (bsc#1146656)
  • Fix error during iSCSI target edit

Fixes in ses-manual_en:

  • Added a new chapter with changelogs of Ceph releases. (bsc#1135584)
  • Rewrote rolling updates and replaced running stage.0 with manual commands to prevent infinite loop. (bsc#1134444)
  • Improved name of CaaSP to its fuller version. (bsc#1151439)
  • Verify which OSD's are going to be removed before running stage.5. (bsc#1150406)
  • Added two additional steps to recovering an OSD. (bsc#1147132)

Fixes in ceph-iscsi:

  • Validate kernel LIO controls type and value (bsc#1140491)
  • TPG lun_id persistence (bsc#1145618)
  • Target level CHAP authentication (bsc#1145617)

ceph-iscsi was updated to the upstream 3.2 release:

  • Always use host FQDN instead of shortname
  • Validate min/max value for target controls and rbd:user/tcmu-runner image controls (bsc#1140491)
References

Affected packages