Security update for ceph

Announcement ID:	SUSE-SU-2022:4501-1
Rating:	important
References:	bsc#1178073 bsc#1194131 bsc#1194353 bsc#1194875 bsc#1195359 bsc#1196044 bsc#1196785 bsc#1196938 bsc#1200064 bsc#1200553 jsc#SES-2515 jsc#SLE-24710 jsc#SLE-24711
Cross-References:	CVE-2021-3979
CVSS scores:	CVE-2021-3979 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3979 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:	Basesystem Module 15-SP3 openSUSE Leap 15.3 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro for Rancher 5.2 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2

An update that solves one vulnerability, contains three features and has nine security fixes can now be installed.

Description:

This update for ceph fixes the following issues:

ceph was updated to the Pacific release (16.2.9-536-g41a9f9a5573):

• (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR
• (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)
• (bsc#1200064,) Remove last vestiges of docker.io image paths
• (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname
• (bsc#1196785) cephadm: avoid crashing on expected non-zero exit
• (jsc#SES-2515) High-availability NFS export
• (bsc#1194875) [SES7P] include/buffer: include <memory>
• cephadm: update image paths to registry.suse.com
• cephadm: use snmp-notifier image from registry.suse.de
• cephadm: infer the default container image during pull
• mgr/cephadm: try to get FQDN for inventory address
• (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12
• (bsc#1196938) cephadm: preserve authorized_keys file during upgrade
• Update Prometheus Container image paths (pr #459)
• mgr/dashboard: Fix documentation URL (pr #456)
• mgr/dashboard: Adapt downstream branded navigation page (pr #454)
• Update prometheus-server version
• (bsc#1194353) Downstream branding breaks dashboard npm build
• (bsc#1178073) mgr/dashboard: fix downstream NFS doc links

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3
  zypper in -t patch SUSE-2022-4501=1
• Basesystem Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4501=1
• SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4501=1
• SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4501=1
• SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4501=1

Package List:

• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  • fmt-devel-8.0.1-150300.7.5.1
  • fmt-debugsource-8.0.1-150300.7.5.1
  • libfmt8-debuginfo-8.0.1-150300.7.5.1
  • libfmt8-8.0.1-150300.7.5.1
• openSUSE Leap 15.3 (x86_64)
  • libfmt8-32bit-8.0.1-150300.7.5.1
  • libfmt8-32bit-debuginfo-8.0.1-150300.7.5.1
  • ceph-test-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-test-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-test-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1
• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
  • ceph-mds-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librados-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-osd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • cephfs-shell-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • rbd-fuse-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-mon-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • rbd-fuse-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-common-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • libcephfs-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-base-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-radosgw-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-rados-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librgw-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-fuse-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • libcephfs2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • libcephsqlite-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-rbd-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-mds-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librgw2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • libcephfs2-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • rbd-nbd-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-immutable-object-cache-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-rados-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-immutable-object-cache-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-mgr-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-base-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-mon-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-rbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-osd-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-rgw-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-radosgw-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • cephfs-mirror-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • libcephsqlite-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • rbd-mirror-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librgw2-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-cephfs-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-common-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • rbd-nbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • libradospp-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librbd-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-mgr-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-cephfs-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • cephfs-mirror-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-rgw-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • libcephsqlite-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-fuse-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • rados-objclass-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • rbd-mirror-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librados-devel-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1
• openSUSE Leap 15.3 (noarch)
  • ceph-mgr-modules-core-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-mgr-dashboard-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-prometheus-alerts-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-mgr-diskprediction-local-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • cephfs-top-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-mgr-k8sevents-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-mgr-rook-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • cephadm-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-mgr-cephadm-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-grafana-dashboards-16.2.9.536+g41a9f9a5573-150300.6.3.1
• openSUSE Leap 15.3 (aarch64_ilp32)
  • libfmt8-64bit-debuginfo-8.0.1-150300.7.5.1
  • libfmt8-64bit-8.0.1-150300.7.5.1
• Basesystem Module 15-SP3 (aarch64 ppc64le s390x x86_64)
  • librados-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-common-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • libcephfs-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-rados-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librgw-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • libcephfs2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-rbd-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librgw2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • fmt-debugsource-8.0.1-150300.7.5.1
  • libcephfs2-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • rbd-nbd-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-rados-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • libfmt8-debuginfo-8.0.1-150300.7.5.1
  • libfmt8-8.0.1-150300.7.5.1
  • python3-rbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-rgw-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librgw2-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-cephfs-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-common-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • rbd-nbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • libradospp-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librbd-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-cephfs-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • python3-rgw-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • rados-objclass-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librados-devel-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1
• SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64)
  • libfmt8-debuginfo-8.0.1-150300.7.5.1
  • libfmt8-8.0.1-150300.7.5.1
  • librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1
• SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
  • libfmt8-debuginfo-8.0.1-150300.7.5.1
  • libfmt8-8.0.1-150300.7.5.1
  • librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1
• SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
  • libfmt8-debuginfo-8.0.1-150300.7.5.1
  • libfmt8-8.0.1-150300.7.5.1
  • librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1
  • librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1

References:

• https://www.suse.com/security/cve/CVE-2021-3979.html
• https://bugzilla.suse.com/show_bug.cgi?id=1178073
• https://bugzilla.suse.com/show_bug.cgi?id=1194131
• https://bugzilla.suse.com/show_bug.cgi?id=1194353
• https://bugzilla.suse.com/show_bug.cgi?id=1194875
• https://bugzilla.suse.com/show_bug.cgi?id=1195359
• https://bugzilla.suse.com/show_bug.cgi?id=1196044
• https://bugzilla.suse.com/show_bug.cgi?id=1196785
• https://bugzilla.suse.com/show_bug.cgi?id=1196938
• https://bugzilla.suse.com/show_bug.cgi?id=1200064
• https://bugzilla.suse.com/show_bug.cgi?id=1200553
• https://jira.suse.com/browse/SES-2515
• https://jira.suse.com/browse/SLE-24710
• https://jira.suse.com/browse/SLE-24711