SUSE-SU-2018:1576-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1576-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2018:1576-1
- Related
- Published
- 2018-06-07T13:11:11Z
- Modified
- 2018-06-07T13:11:11Z
- Summary
- Security update for ceph
- Details
-
This update for ceph to 12.2.5-407-g5e7ea8cf03 fixes the following issues:
Security issue fixed:
- CVE-2018-7262: The rgwcivetweb.cc RGWCivetWeb::initenv function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. rgw: make init env methods return an error (bsc#1081379)
Other issues fixed:
- osd: do not crash on empty snapset (bsc#1074301)
- mon: add 'ceph osd pool get erasure allowecoverwrites' command (bsc#1087269)
- journal: limit number of appends sent in one librados op (bsc#1086340)
- RGW user stats fixes (bsc#1087493)
- rgw openssl fixes (bsc#1079076, bsc#1081379)
- rocksdb: fixes early metadata spill over to slow device in bluefs (bsc#1071386)
- mon: reenable timer to send digest when paxos is temporarily inactive (bsc#1070357)
- fsid mismatch when creating additional OSDs (bsc#1080788)
- crash in civetweb/RGW (bsc#1081600)
- References
-
- https://www.suse.com/support/update/announcement/2018/suse-su-20181576-1/
- https://bugzilla.suse.com/1070357
- https://bugzilla.suse.com/1071386
- https://bugzilla.suse.com/1074301
- https://bugzilla.suse.com/1079076
- https://bugzilla.suse.com/1080788
- https://bugzilla.suse.com/1081379
- https://bugzilla.suse.com/1081600
- https://bugzilla.suse.com/1086340
- https://bugzilla.suse.com/1087269
- https://bugzilla.suse.com/1087493
- https://www.suse.com/security/cve/CVE-2018-7262
Affected packages
SUSE:Enterprise Storage 5 / ceph
Package
- Name
- ceph
- Purl
- purl:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%205
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed12.2.5+git.1524775272.5e7ea8cf03-2.13.3
Ecosystem specific
{
"binaries": [
{
"rbd-mirror": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"ceph-mgr": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"python3-cephfs": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"ceph-osd": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"python3-rados": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"python-rgw": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"librbd1": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"python-ceph-compat": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"ceph-fuse": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"ceph-common": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"ceph-mds": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"librgw2": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"python3-rbd": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"libcephfs2": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"librados2": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"python-rbd": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"python3-ceph-argparse": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"ceph": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"ceph-mon": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"rbd-fuse": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"rbd-nbd": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"ceph-radosgw": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"python3-rgw": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"ceph-base": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"python-rados": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"python-cephfs": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3",
"libradosstriper1": "12.2.5+git.1524775272.5e7ea8cf03-2.13.3"
}
]
}