Security update for ceph

Announcement ID:	SUSE-SU-2019:2049-1
Rating:	important
References:	bsc#1121567 bsc#1123360 bsc#1124957 bsc#1125080 bsc#1125899 bsc#1131984 bsc#1132396 bsc#1133139 bsc#1133461 bsc#1135030 bsc#1135219 bsc#1135221 bsc#1135388 bsc#1136110
Cross-References:	CVE-2018-16889 CVE-2019-3821
CVSS scores:	CVE-2018-16889 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-16889 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2019-3821 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3821 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3821 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3821 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP1 SUSE Enterprise Storage 6 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Real Time 15 SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0

An update that solves two vulnerabilities and has 12 security fixes can now be installed.

Description:

This update for ceph fixes the following issues:

Security issues fixed:

CVE-2019-3821: civetweb: fix file descriptor leak (bsc#1125080)
CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567)

Non-security issues fixed:

install grafana dashboards world readable (bsc#1136110)
upgrade results in cluster outage (bsc#1132396)
ceph status reports "HEALTH_WARN 3 monitors have not enabled msgr2" (bsc#1124957)
Dashboard: Opening tcmu-runner perf counters results in a 404 (bsc#1135388)
RadosGW stopped expiring objects (bsc#1133139)
Ceph does not recover when rebuilding every OSD (bsc#1133461)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

Basesystem Module 15-SP1
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2049=1
SUSE Enterprise Storage 6
zypper in -t patch SUSE-Storage-6-2019-2049=1

Package List:

Basesystem Module 15-SP1 (aarch64 ppc64le s390x x86_64)
- python3-rgw-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- libcephfs2-14.2.1.468+g994fd9e0cc-3.3.2
- librgw-devel-14.2.1.468+g994fd9e0cc-3.3.2
- python3-cephfs-14.2.1.468+g994fd9e0cc-3.3.2
- python3-ceph-argparse-14.2.1.468+g994fd9e0cc-3.3.2
- librados2-14.2.1.468+g994fd9e0cc-3.3.2
- python3-rados-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- python3-cephfs-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- rados-objclass-devel-14.2.1.468+g994fd9e0cc-3.3.2
- libcephfs-devel-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-common-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- python3-rados-14.2.1.468+g994fd9e0cc-3.3.2
- librgw2-14.2.1.468+g994fd9e0cc-3.3.2
- librados2-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- python3-rbd-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- librados-devel-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- python3-rbd-14.2.1.468+g994fd9e0cc-3.3.2
- python3-rgw-14.2.1.468+g994fd9e0cc-3.3.2
- librbd1-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- librados-devel-14.2.1.468+g994fd9e0cc-3.3.2
- librbd-devel-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-common-14.2.1.468+g994fd9e0cc-3.3.2
- librbd1-14.2.1.468+g994fd9e0cc-3.3.2
- libcephfs2-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- libradospp-devel-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-debugsource-14.2.1.468+g994fd9e0cc-3.3.2
- librgw2-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
SUSE Enterprise Storage 6 (aarch64 x86_64)
- ceph-mgr-14.2.1.468+g994fd9e0cc-3.3.2
- python3-rgw-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-mgr-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- libcephfs2-14.2.1.468+g994fd9e0cc-3.3.2
- rbd-mirror-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-osd-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- python3-cephfs-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-mon-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-mds-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-14.2.1.468+g994fd9e0cc-3.3.2
- librados2-14.2.1.468+g994fd9e0cc-3.3.2
- python3-ceph-argparse-14.2.1.468+g994fd9e0cc-3.3.2
- python3-rados-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-radosgw-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-osd-14.2.1.468+g994fd9e0cc-3.3.2
- python3-cephfs-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-fuse-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- rbd-mirror-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- rbd-nbd-14.2.1.468+g994fd9e0cc-3.3.2
- rbd-fuse-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-common-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- python3-rados-14.2.1.468+g994fd9e0cc-3.3.2
- librgw2-14.2.1.468+g994fd9e0cc-3.3.2
- librados2-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- python3-rbd-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- rbd-nbd-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-fuse-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-mon-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- python3-rbd-14.2.1.468+g994fd9e0cc-3.3.2
- python3-rgw-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-radosgw-14.2.1.468+g994fd9e0cc-3.3.2
- librbd1-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- rbd-fuse-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-mds-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-base-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-base-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-common-14.2.1.468+g994fd9e0cc-3.3.2
- cephfs-shell-14.2.1.468+g994fd9e0cc-3.3.2
- librbd1-14.2.1.468+g994fd9e0cc-3.3.2
- libcephfs2-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-debugsource-14.2.1.468+g994fd9e0cc-3.3.2
- librgw2-debuginfo-14.2.1.468+g994fd9e0cc-3.3.2
SUSE Enterprise Storage 6 (noarch)
- ceph-prometheus-alerts-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-mgr-dashboard-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-mgr-diskprediction-local-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-grafana-dashboards-14.2.1.468+g994fd9e0cc-3.3.2
- ceph-mgr-rook-14.2.1.468+g994fd9e0cc-3.3.2

Security update for ceph

Description:

Patch Instructions:

Package List:

References: