SUSE-SU-2019:2994-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:2994-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2019:2994-1
- Related
- Published
- 2019-11-18T12:34:35Z
- Modified
- 2019-11-18T12:34:35Z
- Summary
- Security update for ceph
- Details
-
This update for ceph fixes the following issues:
A previous update introduced a regression with the potential to cause RocksDB data corruption in Nautilus (bsc#1156282).
Support for iSCSI target-level CHAP authentication was added (bsc#1145617).
Implemented validation and rendering of iSCSI controls based 'type' (bsc#1140491).
Fixed an error while editing iSCSI image advanced settings (bsc#1146656).
Fixed a ceph-volume regression. SES customers were never exposed to this regression (bsc#1132767).
Fixed a denial of service vulnerability where an unauthenticated client of Ceph Object Gateway could trigger a crash from an uncaught exception (bsc#1145093, CVE-2019-10222)
Nautilus-based librbd clients could not open images on Jewel clusters (bsc#1151994).
The RGW numradoshandles has been removed (bsc#1151995).
'osddeepscrublargeomapobjectkey_threshold' has been lowered in Nautilus (bsc#1152002).
The ceph dashboard now supports silencing Prometheus notifications (bsc#1141174).
The no{up,down,in,out} related commands have been revamped (bsc#1151990).
Radosgw-admin got two new subcommands for managing expire-stale objects (bsc#1151991)..
Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from SES5 used to break pool utilization stats reported by ceph df (bsc#1151992).
Ceph clusters will issue a health warning if CRUSH tunables are older than 'hammer' (bsc#1151993).
Ceph-volume prints errors to stdout with --format json (bsc#1132767).
Changing rgw-api-host in the dashboard does not get effective without disable/enable dashboard mgr module (bsc#1137503).
Silenced Alertmanager alerts in the dashboard (bsc#1141174).
Fixed e2e failures in the dashboard caused by webdriver version (bsc#1145759)
librbd always tries to acquire exclusive lock when removing image an (bsc#1149093).
Fixes in ses-manual_en:
- Added a new chapter with changelogs of Ceph releases. (bsc#1135584)
- Rewrote rolling updates and replaced running stage.0 with manual commands to prevent infinite loop. (bsc#1134444)
- Improved name of CaaSP to its fuller version. (bsc#1151439)
- Verify which OSD's are going to be removed before running stage.5. (bsc#1150406)
- Added two additional steps to recovering an OSD. (bsc#1147132)
Fixes in ceph-iscsi:
- Validate kernel LIO controls type and value (bsc#1140491)
- TPG lun_id persistence (bsc#1145618)
- Target level CHAP authentication (bsc#1145617)
ceph-iscsi was updated to the upstream 3.2 release:
- Always use host FQDN instead of shortname
- Validate min/max value for target controls and rbd:user/tcmu-runner image controls (bsc#1140491)
- References
-
- https://www.suse.com/support/update/announcement/2019/suse-su-20192994-1/
- https://bugzilla.suse.com/1132767
- https://bugzilla.suse.com/1134444
- https://bugzilla.suse.com/1135584
- https://bugzilla.suse.com/1137503
- https://bugzilla.suse.com/1140491
- https://bugzilla.suse.com/1141174
- https://bugzilla.suse.com/1145093
- https://bugzilla.suse.com/1145617
- https://bugzilla.suse.com/1145618
- https://bugzilla.suse.com/1145759
- https://bugzilla.suse.com/1146656
- https://bugzilla.suse.com/1147132
- https://bugzilla.suse.com/1149093
- https://bugzilla.suse.com/1150406
- https://bugzilla.suse.com/1151439
- https://bugzilla.suse.com/1151990
- https://bugzilla.suse.com/1151991
- https://bugzilla.suse.com/1151992
- https://bugzilla.suse.com/1151993
- https://bugzilla.suse.com/1151994
- https://bugzilla.suse.com/1151995
- https://bugzilla.suse.com/1152002
- https://bugzilla.suse.com/1156282
- https://www.suse.com/security/cve/CVE-2019-10222
Affected packages
SUSE:Enterprise Storage 6 / ceph-iscsi
Package
- Name
- ceph-iscsi
- Purl
- purl:rpm/suse/ceph-iscsi&distro=SUSE%20Enterprise%20Storage%206