Security update for ceph, deepsea
| Announcement ID: | SUSE-SU-2020:3257-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: | |
| Affected Products: | |
An update that solves one vulnerability and has 35 security fixes can now be installed.
Description:
This update for ceph, deepsea fixes the following issues:
- Update to 14.2.13-398-gb6c514eec7:
  - Upstream 14.2.13 release, see https://ceph.io/releases/v14-2-13-nautilus-released/
  - (bsc#1151612, bsc#1158257) ceph-volume: major batch refactor
- Update to 14.2.12-436-g6feab505b7:
  - Upstream 14.2.12 release, see https://ceph.io/releases/v14-2-12-nautilus-released/
  - (bsc#1169134) mgr/dashboard: document Prometheus' security model
  - (bsc#1170487) monclient: schedule first tick using mon_client_hunt_interval
  - (bsc#1174591) mgr/dashboard: Unable to edit iSCSI logged-in client
  - (bsc#1174591) mgr/dashboard: Allow editing iSCSI targets with initiators logged-in
  - (bsc#1175061) os/bluestore: dump onode that has too many spanning blobs
  - (bsc#1175240) pybind/mgr/restful: use dict.items() for py3 compatible
  - (bsc#1175781) ceph-volume: lvmcache: print help correctly
  - spec: move python-enum34 into rhel 7 conditional
- Update to 14.2.11-394-g9cbbc473c0:
  - Upstream 14.2.11 release, see https://ceph.io/releases/v14-2-11-nautilus-released/
  - mgr/progress: Skip pg_summary update if _events dict is empty (bsc#1167477) (bsc#1172142) (bsc#1171956)
  - mgr/dashboard: Allow to edit iSCSI target with active session (bsc#1173339)
- Update to 14.2.10-392-gb3a13b81cb:
  - Upstream 14.2.10 release, see https://ceph.io/releases/v14-2-10-nautilus-released/
  - mgr: Improve internal python to c++ interface (bsc#1167477)
- Update to 14.2.9-970-ged84cae0c9:
  - rgw: sanitize newlines in s3 CORSConfiguration's ExposeHeader (bsc#1171921, CVE-2020-10753)
- Update to 14.2.9-969-g9917342dc8d:
  - rebase on top of upstream nautilus, SHA1 ccd9c04f88e53aef7e4f1068ce1221fa3b97450d
  - cmake: Improve test for 16-byte atomic support on IBM Z
  - (jsc#SES-680) monitoring: add details to Prometheus alerts
  - (bsc#1155045) mgr/dashboard: add debug mode, and accept expected exception when SSL handshaking
  - (bsc#1152100) monitoring: alert for prediction of disk and pool fill up broken
  - (bsc#1155262) mgr/dashboard: iSCSI targets not available if any gateway is down
  - (bsc#1159689) os/bluestore: more flexible DB volume space usage
  - (bsc#1156087) ceph-volume: make get_devices fs location independent
  - (bsc#1156409) monitoring: wait before firing osd full alert
  - (bsc#1160626) mgr/dashboard: Unable to remove an iSCSI gateway that is already in use
  - (bsc#1161718) mount.ceph: remove arbitrary limit on size of name= option
  - (bsc#1162553) ceph-volume: strip _dmcrypt suffix in simple scan json output
  - (bsc#1163119) mgr/dashboard: Not able to restrict bucket creation for new user
  - (bsc#1164571) mgr/dashboard: Prevent iSCSI target recreation when editing controls
  - (bsc#1165713) mgr/dashboard: Repair broken grafana panels
  - (bsc#1165835) rgw: get barbican secret key request maybe return error code
  - (bsc#1165840) rgw: making implicit_tenants backwards compatible
  - (bsc#1166297) mgr/dashboard: Repair broken grafana panels
  - (bsc#1166393) mgr/dashboard: KeyError on dashboard reload
  - (bsc#1166624) mgr/dashboard: Fix iSCSI's username and password validation
  - (bsc#1166670) monitoring: root volume full alert fires false positives
  - (bsc#1166932) mgr: synchronize ClusterState's health and mon_status
  - (bsc#1168403) mgr/dashboard: Add more debug information to Dashboard RGW backend
  - (bsc#1169356) rgw: reshard: skip stale bucket id entries from reshard queue
  - (bsc#1170938) mon/OSDMonitor: allow trimming maps even if osds are down
  - (bsc#1171367) Set OSD's bluefs-buffered-io param to false by default
- Version: 0.9.33
- drop workarounds for old ceph-volume lvm batch command
- runners/upgrade: Add SES6->7 pre-upgrade checks
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Enterprise Storage 6
  zypper in -t patch SUSE-Storage-6-2020-3257=1
Package List:
- SUSE Enterprise Storage 6 (noarch)
  - deepsea-0.9.33+git.0.ed16d26e-3.27.1
  - deepsea-cli-0.9.33+git.0.ed16d26e-3.27.1
References:
- https://www.suse.com/security/cve/CVE-2020-10753.html
- https://bugzilla.suse.com/show_bug.cgi?id=1151612
- https://bugzilla.suse.com/show_bug.cgi?id=1152100
- https://bugzilla.suse.com/show_bug.cgi?id=1155045
- https://bugzilla.suse.com/show_bug.cgi?id=1155262
- https://bugzilla.suse.com/show_bug.cgi?id=1156087
- https://bugzilla.suse.com/show_bug.cgi?id=1156409
- https://bugzilla.suse.com/show_bug.cgi?id=1158257
- https://bugzilla.suse.com/show_bug.cgi?id=1159689
- https://bugzilla.suse.com/show_bug.cgi?id=1160626
- https://bugzilla.suse.com/show_bug.cgi?id=1161718
- https://bugzilla.suse.com/show_bug.cgi?id=1162553
- https://bugzilla.suse.com/show_bug.cgi?id=1163119
- https://bugzilla.suse.com/show_bug.cgi?id=1164571
- https://bugzilla.suse.com/show_bug.cgi?id=1165713
- https://bugzilla.suse.com/show_bug.cgi?id=1165835
- https://bugzilla.suse.com/show_bug.cgi?id=1165840
- https://bugzilla.suse.com/show_bug.cgi?id=1166297
- https://bugzilla.suse.com/show_bug.cgi?id=1166393
- https://bugzilla.suse.com/show_bug.cgi?id=1166624
- https://bugzilla.suse.com/show_bug.cgi?id=1166670
- https://bugzilla.suse.com/show_bug.cgi?id=1166932
- https://bugzilla.suse.com/show_bug.cgi?id=1167477
- https://bugzilla.suse.com/show_bug.cgi?id=1168403
- https://bugzilla.suse.com/show_bug.cgi?id=1169134
- https://bugzilla.suse.com/show_bug.cgi?id=1169356
- https://bugzilla.suse.com/show_bug.cgi?id=1170487
- https://bugzilla.suse.com/show_bug.cgi?id=1170938
- https://bugzilla.suse.com/show_bug.cgi?id=1171367
- https://bugzilla.suse.com/show_bug.cgi?id=1171921
- https://bugzilla.suse.com/show_bug.cgi?id=1171956
- https://bugzilla.suse.com/show_bug.cgi?id=1172142
- https://bugzilla.suse.com/show_bug.cgi?id=1173339
- https://bugzilla.suse.com/show_bug.cgi?id=1174591
- https://bugzilla.suse.com/show_bug.cgi?id=1175061
- https://bugzilla.suse.com/show_bug.cgi?id=1175240
- https://bugzilla.suse.com/show_bug.cgi?id=1175781