SUSE-SU-2019:2994-1

Source
https://www.suse.com/support/update/announcement/2019/suse-su-20192994-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:2994-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2019:2994-1
Related
Published
2019-11-18T12:34:35Z
Modified
2019-11-18T12:34:35Z
Summary
Security update for ceph
Details

This update for ceph fixes the following issues:

  • A previous update introduced a regression with the potential to cause RocksDB data corruption in Nautilus (bsc#1156282).

  • Support for iSCSI target-level CHAP authentication was added (bsc#1145617).

  • Implemented validation and rendering of iSCSI controls based 'type' (bsc#1140491).

  • Fixed an error while editing iSCSI image advanced settings (bsc#1146656).

  • Fixed a ceph-volume regression. SES customers were never exposed to this regression (bsc#1132767).

  • Fixed a denial of service vulnerability where an unauthenticated client of Ceph Object Gateway could trigger a crash from an uncaught exception (bsc#1145093, CVE-2019-10222)

  • Nautilus-based librbd clients could not open images on Jewel clusters (bsc#1151994).

  • The RGW numradoshandles has been removed (bsc#1151995).

  • 'osddeepscrublargeomapobjectkey_threshold' has been lowered in Nautilus (bsc#1152002).

  • The ceph dashboard now supports silencing Prometheus notifications (bsc#1141174).

  • The no{up,down,in,out} related commands have been revamped (bsc#1151990).

  • Radosgw-admin got two new subcommands for managing expire-stale objects (bsc#1151991)..

  • Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from SES5 used to break pool utilization stats reported by ceph df (bsc#1151992).

  • Ceph clusters will issue a health warning if CRUSH tunables are older than 'hammer' (bsc#1151993).

  • Ceph-volume prints errors to stdout with --format json (bsc#1132767).

  • Changing rgw-api-host in the dashboard does not get effective without disable/enable dashboard mgr module (bsc#1137503).

  • Silenced Alertmanager alerts in the dashboard (bsc#1141174).

  • Fixed e2e failures in the dashboard caused by webdriver version (bsc#1145759)

  • librbd always tries to acquire exclusive lock when removing image an (bsc#1149093).

Fixes in ses-manual_en:

  • Added a new chapter with changelogs of Ceph releases. (bsc#1135584)
  • Rewrote rolling updates and replaced running stage.0 with manual commands to prevent infinite loop. (bsc#1134444)
  • Improved name of CaaSP to its fuller version. (bsc#1151439)
  • Verify which OSD's are going to be removed before running stage.5. (bsc#1150406)
  • Added two additional steps to recovering an OSD. (bsc#1147132)

Fixes in ceph-iscsi:

  • Validate kernel LIO controls type and value (bsc#1140491)
  • TPG lun_id persistence (bsc#1145618)
  • Target level CHAP authentication (bsc#1145617)

ceph-iscsi was updated to the upstream 3.2 release:

  • Always use host FQDN instead of shortname
  • Validate min/max value for target controls and rbd:user/tcmu-runner image controls (bsc#1140491)
References

Affected packages

SUSE:Enterprise Storage 6 / ceph-iscsi

Package

Name
ceph-iscsi
Purl
pkg:rpm/suse/ceph-iscsi&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3+1570532654.g93940a4-3.7.1

Ecosystem specific

{
    "binaries": [
        {
            "ses-manual_en": "6+git145.1558531-3.17.1",
            "ceph-iscsi": "3.3+1570532654.g93940a4-3.7.1",
            "ses-admin_en-pdf": "6+git145.1558531-3.17.1",
            "ses-deployment_en-pdf": "6+git145.1558531-3.17.1"
        }
    ]
}

SUSE:Enterprise Storage 6 / ses-manual_en

Package

Name
ses-manual_en
Purl
pkg:rpm/suse/ses-manual_en&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6+git145.1558531-3.17.1

Ecosystem specific

{
    "binaries": [
        {
            "ses-manual_en": "6+git145.1558531-3.17.1",
            "ceph-iscsi": "3.3+1570532654.g93940a4-3.7.1",
            "ses-admin_en-pdf": "6+git145.1558531-3.17.1",
            "ses-deployment_en-pdf": "6+git145.1558531-3.17.1"
        }
    ]
}