SUSE-SU-2020:3257-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20203257-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3257-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:3257-1
Related
Published
2020-11-20T11:14:55Z
Modified
2020-11-20T11:14:55Z
Summary
Security update for ceph, deepsea
Details

This update for ceph, deepsea fixes the following issues:

  • Update to 14.2.13-398-gb6c514eec7:

    • Upstream 14.2.13 release see https://ceph.io/releases/v14-2-13-nautilus-released/
      • (bsc#1151612, bsc#1158257) ceph-volume: major batch refactor
  • Update to 14.2.12-436-g6feab505b7:

    • Upstream 14.2.12 release see https://ceph.io/releases/v14-2-12-nautilus-released/
      • (bsc#1169134) mgr/dashboard: document Prometheus' security model
      • (bsc#1170487) monclient: schedule first tick using mon_client_hunt_interval
      • (bsc#1174591) mgr/dashboard: Unable to edit iSCSI logged-in client
      • (bsc#1174591) mgr/dashboard: Allow editing iSCSI targets with initiators logged-in
      • (bsc#1175061) os/bluestore: dump onode that has too many spanning blobs
      • (bsc#1175240) pybind/mgr/restful: use dict.items() for py3 compatible
    • (bsc#1175781) ceph-volume: lvmcache: print help correctly
    • spec: move python-enum34 into rhel 7 conditional
  • Update to 14.2.11-394-g9cbbc473c0:

    • Upstream 14.2.11 release see https://ceph.io/releases/v14-2-11-nautilus-released/
      • mgr/progress: Skip pg_summary update if _events dict is empty (bsc#1167477) (bsc#1172142) (bsc#1171956)
      • mgr/dashboard: Allow to edit iSCSI target with active session (bsc#1173339)
  • Update to 14.2.10-392-gb3a13b81cb:

    • Upstream 14.2.10 release see https://ceph.io/releases/v14-2-10-nautilus-released/
      • mgr: Improve internal python to c++ interface (bsc#1167477)
  • Update to 14.2.9-970-ged84cae0c9:

    • rgw: sanitize newlines in s3 CORSConfiguration's ExposeHeader (bsc#1171921, CVE-2020-10753)
  • Update to 14.2.9-969-g9917342dc8d:

    • rebase on top of upstream nautilus, SHA1 ccd9c04f88e53aef7e4f1068ce1221fa3b97450d
    • cmake: Improve test for 16-byte atomic support on IBM Z
    • (jsc#SES-680) monitoring: add details to Prometheus alerts
    • (bsc#1155045) mgr/dashboard: add debug mode, and accept expected exception when SSL handshaking
    • (bsc#1152100) monitoring: alert for prediction of disk and pool fill up broken
    • (bsc#1155262) mgr/dashboard: iSCSI targets not available if any gateway is down
    • (bsc#1159689) os/bluestore: more flexible DB volume space usage
    • (bsc#1156087) ceph-volume: make get_devices fs location independent
    • (bsc#1156409) monitoring: wait before firing osd full alert
    • (bsc#1160626) mgr/dashboard: Unable to remove an iSCSI gateway that is already in use
    • (bsc#1161718) mount.ceph: remove arbitrary limit on size of name= option
    • (bsc#1162553) ceph-volume: strip _dmcrypt suffix in simple scan json output
    • (bsc#1163119) mgr/dashboard: Not able to restrict bucket creation for new user
    • (bsc#1164571) mgr/dashboard: Prevent iSCSI target recreation when editing controls
    • (bsc#1165713) mgr/dashboard: Repair broken grafana panels
    • (bsc#1165835) rgw: get barbican secret key request maybe return error code
    • (bsc#1165840) rgw: making implicit_tenants backwards compatible
    • (bsc#1166297) mgr/dashboard: Repair broken grafana panels
    • (bsc#1166393) mgr/dashboard: KeyError on dashboard reload
    • (bsc#1166624) mgr/dashboard: Fix iSCSI's username and password validation
    • (bsc#1166670) monitoring: root volume full alert fires false positives
    • (bsc#1166932) mgr: synchronize ClusterState's health and mon_status
    • (bsc#1168403) mgr/dashboard: Add more debug information to Dashboard RGW backend
    • (bsc#1169356) rgw: reshard: skip stale bucket id entries from reshard queue
    • (bsc#1170938) mon/OSDMonitor: allow trimming maps even if osds are down
    • (bsc#1171367) Set OSD's bluefs-buffered-io param to false by default
  • Version: 0.9.33

  • drop workarounds for old ceph-volume lvm batch command

  • runners/upgrade: Add SES6->7 pre-upgrade checks

References

Affected packages

SUSE:Enterprise Storage 6 / deepsea

Package

Name
deepsea
Purl
purl:rpm/suse/deepsea&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.33+git.0.ed16d26e-3.27.1

Ecosystem specific

{
    "binaries": [
        {
            "deepsea-cli": "0.9.33+git.0.ed16d26e-3.27.1",
            "deepsea": "0.9.33+git.0.ed16d26e-3.27.1"
        }
    ]
}