SUSE-SU-2020:3257-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2020/suse-su-20203257-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3257-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2020:3257-1

Related

CVE-2020-10753

Published

2020-11-20T11:14:55Z

Modified

2020-11-20T11:14:55Z

Summary

Security update for ceph, deepsea

Details

This update for ceph, deepsea fixes the following issues:

Update to 14.2.13-398-gb6c514eec7:
- Upstream 14.2.13 release see https://ceph.io/releases/v14-2-13-nautilus-released/
  - (bsc#1151612, bsc#1158257) ceph-volume: major batch refactor
Update to 14.2.12-436-g6feab505b7:
- Upstream 14.2.12 release see https://ceph.io/releases/v14-2-12-nautilus-released/
  - (bsc#1169134) mgr/dashboard: document Prometheus' security model
  - (bsc#1170487) monclient: schedule first tick using monclienthunt_interval
  - (bsc#1174591) mgr/dashboard: Unable to edit iSCSI logged-in client
  - (bsc#1174591) mgr/dashboard: Allow editing iSCSI targets with initiators logged-in
  - (bsc#1175061) os/bluestore: dump onode that has too many spanning blobs
  - (bsc#1175240) pybind/mgr/restful: use dict.items() for py3 compatible
- (bsc#1175781) ceph-volume: lvmcache: print help correctly
- spec: move python-enum34 into rhel 7 conditional
Update to 14.2.11-394-g9cbbc473c0:
- Upstream 14.2.11 release see https://ceph.io/releases/v14-2-11-nautilus-released/
  - mgr/progress: Skip pg_summary update if _events dict is empty (bsc#1167477) (bsc#1172142) (bsc#1171956)
  - mgr/dashboard: Allow to edit iSCSI target with active session (bsc#1173339)
Update to 14.2.10-392-gb3a13b81cb:
- Upstream 14.2.10 release see https://ceph.io/releases/v14-2-10-nautilus-released/
  - mgr: Improve internal python to c++ interface (bsc#1167477)
Update to 14.2.9-970-ged84cae0c9:
- rgw: sanitize newlines in s3 CORSConfiguration's ExposeHeader (bsc#1171921, CVE-2020-10753)
Update to 14.2.9-969-g9917342dc8d:
- rebase on top of upstream nautilus, SHA1 ccd9c04f88e53aef7e4f1068ce1221fa3b97450d
- cmake: Improve test for 16-byte atomic support on IBM Z
- (jsc#SES-680) monitoring: add details to Prometheus alerts
- (bsc#1155045) mgr/dashboard: add debug mode, and accept expected exception when SSL handshaking
- (bsc#1152100) monitoring: alert for prediction of disk and pool fill up broken
- (bsc#1155262) mgr/dashboard: iSCSI targets not available if any gateway is down
- (bsc#1159689) os/bluestore: more flexible DB volume space usage
- (bsc#1156087) ceph-volume: make get_devices fs location independent
- (bsc#1156409) monitoring: wait before firing osd full alert
- (bsc#1160626) mgr/dashboard: Unable to remove an iSCSI gateway that is already in use
- (bsc#1161718) mount.ceph: remove arbitrary limit on size of name= option
- (bsc#1162553) ceph-volume: strip _dmcrypt suffix in simple scan json output
- (bsc#1163119) mgr/dashboard: Not able to restrict bucket creation for new user
- (bsc#1164571) mgr/dashboard: Prevent iSCSI target recreation when editing controls
- (bsc#1165713) mgr/dashboard: Repair broken grafana panels
- (bsc#1165835) rgw: get barbican secret key request maybe return error code
- (bsc#1165840) rgw: making implicit_tenants backwards compatible
- (bsc#1166297) mgr/dashboard: Repair broken grafana panels
- (bsc#1166393) mgr/dashboard: KeyError on dashboard reload
- (bsc#1166624) mgr/dashboard: Fix iSCSI's username and password validation
- (bsc#1166670) monitoring: root volume full alert fires false positives
- (bsc#1166932) mgr: synchronize ClusterState's health and mon_status
- (bsc#1168403) mgr/dashboard: Add more debug information to Dashboard RGW backend
- (bsc#1169356) rgw: reshard: skip stale bucket id entries from reshard queue
- (bsc#1170938) mon/OSDMonitor: allow trimming maps even if osds are down
- (bsc#1171367) Set OSD's bluefs-buffered-io param to false by default
Update to 14.2.13-398-gb6c514eec7:
- Upstream 14.2.13 release see https://ceph.io/releases/v14-2-13-nautilus-released/
  - (bsc#1151612, bsc#1158257) ceph-volume: major batch refactor
Update to 14.2.12-436-g6feab505b7:
- Upstream 14.2.12 release see https://ceph.io/releases/v14-2-12-nautilus-released/
  - (bsc#1169134) mgr/dashboard: document Prometheus' security model
  - (bsc#1170487) monclient: schedule first tick using monclienthunt_interval
  - (bsc#1174591) mgr/dashboard: Unable to edit iSCSI logged-in client
  - (bsc#1174591) mgr/dashboard: Allow editing iSCSI targets with initiators logged-in
  - (bsc#1175061) os/bluestore: dump onode that has too many spanning blobs
  - (bsc#1175240) pybind/mgr/restful: use dict.items() for py3 compatible
- (bsc#1175781) ceph-volume: lvmcache: print help correctly
- spec: move python-enum34 into rhel 7 conditional
Update to 14.2.11-394-g9cbbc473c0:
- Upstream 14.2.11 release see https://ceph.io/releases/v14-2-11-nautilus-released/
  - mgr/progress: Skip pg_summary update if _events dict is empty (bsc#1167477) (bsc#1172142) (bsc#1171956)
  - mgr/dashboard: Allow to edit iSCSI target with active session (bsc#1173339)
Update to 14.2.10-392-gb3a13b81cb:
- Upstream 14.2.10 release see https://ceph.io/releases/v14-2-10-nautilus-released/
  - mgr: Improve internal python to c++ interface (bsc#1167477)
Update to 14.2.9-970-ged84cae0c9:
- rgw: sanitize newlines in s3 CORSConfiguration's ExposeHeader (bsc#1171921, CVE-2020-10753)
Update to 14.2.9-969-g9917342dc8d:
- rebase on top of upstream nautilus, SHA1 ccd9c04f88e53aef7e4f1068ce1221fa3b97450d
- cmake: Improve test for 16-byte atomic support on IBM Z
- (jsc#SES-680) monitoring: add details to Prometheus alerts
- (bsc#1155045) mgr/dashboard: add debug mode, and accept expected exception when SSL handshaking
- (bsc#1152100) monitoring: alert for prediction of disk and pool fill up broken
- (bsc#1155262) mgr/dashboard: iSCSI targets not available if any gateway is down
- (bsc#1159689) os/bluestore: more flexible DB volume space usage
- (bsc#1156087) ceph-volume: make get_devices fs location independent
- (bsc#1156409) monitoring: wait before firing osd full alert
- (bsc#1160626) mgr/dashboard: Unable to remove an iSCSI gateway that is already in use
- (bsc#1161718) mount.ceph: remove arbitrary limit on size of name= option
- (bsc#1162553) ceph-volume: strip _dmcrypt suffix in simple scan json output
- (bsc#1163119) mgr/dashboard: Not able to restrict bucket creation for new user
- (bsc#1164571) mgr/dashboard: Prevent iSCSI target recreation when editing controls
- (bsc#1165713) mgr/dashboard: Repair broken grafana panels
- (bsc#1165835) rgw: get barbican secret key request maybe return error code
- (bsc#1165840) rgw: making implicit_tenants backwards compatible
- (bsc#1166297) mgr/dashboard: Repair broken grafana panels
- (bsc#1166393) mgr/dashboard: KeyError on dashboard reload
- (bsc#1166624) mgr/dashboard: Fix iSCSI's username and password validation
- (bsc#1166670) monitoring: root volume full alert fires false positives
- (bsc#1166932) mgr: synchronize ClusterState's health and mon_status
- (bsc#1168403) mgr/dashboard: Add more debug information to Dashboard RGW backend
- (bsc#1169356) rgw: reshard: skip stale bucket id entries from reshard queue
- (bsc#1170938) mon/OSDMonitor: allow trimming maps even if osds are down
- (bsc#1171367) Set OSD's bluefs-buffered-io param to false by default
Version: 0.9.33
drop workarounds for old ceph-volume lvm batch command
runners/upgrade: Add SES6->7 pre-upgrade checks

References

Affected packages

SUSE:Enterprise Storage 6 / deepsea

Package

Name: deepsea
Purl: purl:rpm/suse/deepsea&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.33+git.0.ed16d26e-3.27.1

Ecosystem specific

{
    "binaries": [
        {
            "deepsea-cli": "0.9.33+git.0.ed16d26e-3.27.1",
            "deepsea": "0.9.33+git.0.ed16d26e-3.27.1"
        }
    ]
}