SUSE-SU-2017:0367-1: moderate: Security update for ceph

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Feb 2 16:09:35 MST 2017


   SUSE Security Update: Security update for ceph
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0367-1
Rating:             moderate
References:         #1005179 #1007216 #1008501 #1008894 #1014338 
                    #977940 #982141 #985232 #987144 #990438 #999688 
                    
Cross-References:   CVE-2016-5009
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves one vulnerability and has 10 fixes is
   now available.

Description:


   This update for ceph fixes the following issues:

   * CVE-2016-5009: moncommand with empty prefix could crash monitor
     [bsc#987144]
   * Invalid commandd in SOC7 with ceph [bsc#1008894]
   * Performance fix was missing in SES4 [bsc#1005179]
   * ceph build problems on ppc64le [bsc#982141]
   * ceph make build unit test failure [bsc#977940]
   * ceph-deploy mon create-initial fails on one node [bsc#999688]
   * MDS dies while running xfstests  [bsc#985232]
   * Typerror while calling _recover_auth_meta() [bsc#1008501]
   * OSD daemon uses ~100% CPU load right after OSD creation / first OSD
     start [bsc#1014338]
   * civetweb HTTPS support not working [bsc#990438]
   * systemd is killing off OSDs [bsc#1007216]


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-186=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-186=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-186=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-186=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 x86_64):

      ceph-debugsource-10.2.4+git.1481215985.12b091b-15.2
      libcephfs-devel-10.2.4+git.1481215985.12b091b-15.2
      librados-devel-10.2.4+git.1481215985.12b091b-15.2
      librados-devel-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      libradosstriper-devel-10.2.4+git.1481215985.12b091b-15.2
      librbd-devel-10.2.4+git.1481215985.12b091b-15.2

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      ceph-common-10.2.4+git.1481215985.12b091b-15.2
      ceph-common-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      ceph-debugsource-10.2.4+git.1481215985.12b091b-15.2
      libcephfs1-10.2.4+git.1481215985.12b091b-15.2
      libcephfs1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      librados2-10.2.4+git.1481215985.12b091b-15.2
      librados2-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      libradosstriper1-10.2.4+git.1481215985.12b091b-15.2
      libradosstriper1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      librbd1-10.2.4+git.1481215985.12b091b-15.2
      librbd1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      python-cephfs-10.2.4+git.1481215985.12b091b-15.2
      python-cephfs-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      python-rados-10.2.4+git.1481215985.12b091b-15.2
      python-rados-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      python-rbd-10.2.4+git.1481215985.12b091b-15.2
      python-rbd-debuginfo-10.2.4+git.1481215985.12b091b-15.2

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64):

      ceph-common-10.2.4+git.1481215985.12b091b-15.2
      ceph-common-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      ceph-debugsource-10.2.4+git.1481215985.12b091b-15.2
      libcephfs1-10.2.4+git.1481215985.12b091b-15.2
      libcephfs1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      librados2-10.2.4+git.1481215985.12b091b-15.2
      librados2-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      libradosstriper1-10.2.4+git.1481215985.12b091b-15.2
      libradosstriper1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      librbd1-10.2.4+git.1481215985.12b091b-15.2
      librbd1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      python-cephfs-10.2.4+git.1481215985.12b091b-15.2
      python-cephfs-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      python-rados-10.2.4+git.1481215985.12b091b-15.2
      python-rados-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      python-rbd-10.2.4+git.1481215985.12b091b-15.2
      python-rbd-debuginfo-10.2.4+git.1481215985.12b091b-15.2

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      ceph-common-10.2.4+git.1481215985.12b091b-15.2
      ceph-common-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      ceph-debugsource-10.2.4+git.1481215985.12b091b-15.2
      libcephfs1-10.2.4+git.1481215985.12b091b-15.2
      libcephfs1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      librados2-10.2.4+git.1481215985.12b091b-15.2
      librados2-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      libradosstriper1-10.2.4+git.1481215985.12b091b-15.2
      libradosstriper1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      librbd1-10.2.4+git.1481215985.12b091b-15.2
      librbd1-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      python-cephfs-10.2.4+git.1481215985.12b091b-15.2
      python-cephfs-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      python-rados-10.2.4+git.1481215985.12b091b-15.2
      python-rados-debuginfo-10.2.4+git.1481215985.12b091b-15.2
      python-rbd-10.2.4+git.1481215985.12b091b-15.2
      python-rbd-debuginfo-10.2.4+git.1481215985.12b091b-15.2


References:

   https://www.suse.com/security/cve/CVE-2016-5009.html
   https://bugzilla.suse.com/1005179
   https://bugzilla.suse.com/1007216
   https://bugzilla.suse.com/1008501
   https://bugzilla.suse.com/1008894
   https://bugzilla.suse.com/1014338
   https://bugzilla.suse.com/977940
   https://bugzilla.suse.com/982141
   https://bugzilla.suse.com/985232
   https://bugzilla.suse.com/987144
   https://bugzilla.suse.com/990438
   https://bugzilla.suse.com/999688



More information about the sle-security-updates mailing list