SUSE-SU-2020:3257-1: moderate: Security update for ceph, deepsea
sle-security-updates at lists.suse.com
Mon Nov 9 07:18:05 MST 2020
SUSE Security Update: Security update for ceph, deepsea
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:3257-1
Rating: moderate
References: #1151612 #1152100 #1155045 #1155262 #1156087
#1156409 #1158257 #1159689 #1160626 #1161718
#1162553 #1163119 #1164571 #1165713 #1165835
#1165840 #1166297 #1166393 #1166624 #1166670
#1166932 #1167477 #1168403 #1169134 #1169356
#1170487 #1170938 #1171367 #1171921 #1171956
#1172142 #1173339 #1174591 #1175061 #1175240
#1175781
Cross-References: CVE-2020-10753
Affected Products:
SUSE Enterprise Storage 6
______________________________________________________________________________
An update that solves one vulnerability and has 35 fixes is now available.
Description:
This update for ceph, deepsea fixes the following issues:
- Update to 14.2.13-398-gb6c514eec7:
  + Upstream 14.2.13 release see https://ceph.io/releases/v14-2-13-nautilus-released/
    * (bsc#1151612, bsc#1158257) ceph-volume: major batch refactor
- Update to 14.2.12-436-g6feab505b7:
  + Upstream 14.2.12 release see https://ceph.io/releases/v14-2-12-nautilus-released/
    * (bsc#1169134) mgr/dashboard: document Prometheus' security model
    * (bsc#1170487) monclient: schedule first tick using mon_client_hunt_interval
    * (bsc#1174591) mgr/dashboard: Unable to edit iSCSI logged-in client
    * (bsc#1174591) mgr/dashboard: Allow editing iSCSI targets with initiators logged-in
    * (bsc#1175061) os/bluestore: dump onode that has too many spanning blobs
    * (bsc#1175240) pybind/mgr/restful: use dict.items() for py3 compatible
  + (bsc#1175781) ceph-volume: lvmcache: print help correctly
  + spec: move python-enum34 into rhel 7 conditional
- Update to 14.2.11-394-g9cbbc473c0:
  + Upstream 14.2.11 release see https://ceph.io/releases/v14-2-11-nautilus-released/
    * mgr/progress: Skip pg_summary update if _events dict is empty (bsc#1167477) (bsc#1172142) (bsc#1171956)
    * mgr/dashboard: Allow to edit iSCSI target with active session (bsc#1173339)
- Update to 14.2.10-392-gb3a13b81cb:
  + Upstream 14.2.10 release see https://ceph.io/releases/v14-2-10-nautilus-released/
    * mgr: Improve internal python to c++ interface (bsc#1167477)
- Update to 14.2.9-970-ged84cae0c9:
  + rgw: sanitize newlines in s3 CORSConfiguration's ExposeHeader (bsc#1171921, CVE-2020-10753)
- Update to 14.2.9-969-g9917342dc8d:
    * rebase on top of upstream nautilus, SHA1 ccd9c04f88e53aef7e4f1068ce1221fa3b97450d
    * cmake: Improve test for 16-byte atomic support on IBM Z
    * (jsc#SES-680) monitoring: add details to Prometheus alerts
    * (bsc#1155045) mgr/dashboard: add debug mode, and accept expected exception when SSL handshaking
    * (bsc#1152100) monitoring: alert for prediction of disk and pool fill up broken
    * (bsc#1155262) mgr/dashboard: iSCSI targets not available if any gateway is down
    * (bsc#1159689) os/bluestore: more flexible DB volume space usage
    * (bsc#1156087) ceph-volume: make get_devices fs location independent
    * (bsc#1156409) monitoring: wait before firing osd full alert
    * (bsc#1160626) mgr/dashboard: Unable to remove an iSCSI gateway that is already in use
    * (bsc#1161718) mount.ceph: remove arbitrary limit on size of name= option
    * (bsc#1162553) ceph-volume: strip _dmcrypt suffix in simple scan json output
    * (bsc#1163119) mgr/dashboard: Not able to restrict bucket creation for new user
    * (bsc#1164571) mgr/dashboard: Prevent iSCSI target recreation when editing controls
    * (bsc#1165713) mgr/dashboard: Repair broken grafana panels
    * (bsc#1165835) rgw: get barbican secret key request maybe return error code
    * (bsc#1165840) rgw: making implicit_tenants backwards compatible
    * (bsc#1166297) mgr/dashboard: Repair broken grafana panels
    * (bsc#1166393) mgr/dashboard: KeyError on dashboard reload
    * (bsc#1166624) mgr/dashboard: Fix iSCSI's username and password validation
    * (bsc#1166670) monitoring: root volume full alert fires false positives
    * (bsc#1166932) mgr: synchronize ClusterState's health and mon_status
    * (bsc#1168403) mgr/dashboard: Add more debug information to Dashboard RGW backend
    * (bsc#1169356) rgw: reshard: skip stale bucket id entries from reshard queue
    * (bsc#1170938) mon/OSDMonitor: allow trimming maps even if osds are down
    * (bsc#1171367) Set OSD's bluefs-buffered-io param to false by default
- Version: 0.9.33
- drop workarounds for old ceph-volume lvm batch command
- runners/upgrade: Add SES6->7 pre-upgrade checks
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2020-3257=1
Package List:
- SUSE Enterprise Storage 6 (noarch):
deepsea-0.9.33+git.0.ed16d26e-3.27.1
deepsea-cli-0.9.33+git.0.ed16d26e-3.27.1
References:
https://www.suse.com/security/cve/CVE-2020-10753.html
https://bugzilla.suse.com/1151612
https://bugzilla.suse.com/1152100
https://bugzilla.suse.com/1155045
https://bugzilla.suse.com/1155262
https://bugzilla.suse.com/1156087
https://bugzilla.suse.com/1156409
https://bugzilla.suse.com/1158257
https://bugzilla.suse.com/1159689
https://bugzilla.suse.com/1160626
https://bugzilla.suse.com/1161718
https://bugzilla.suse.com/1162553
https://bugzilla.suse.com/1163119
https://bugzilla.suse.com/1164571
https://bugzilla.suse.com/1165713
https://bugzilla.suse.com/1165835
https://bugzilla.suse.com/1165840
https://bugzilla.suse.com/1166297
https://bugzilla.suse.com/1166393
https://bugzilla.suse.com/1166624
https://bugzilla.suse.com/1166670
https://bugzilla.suse.com/1166932
https://bugzilla.suse.com/1167477
https://bugzilla.suse.com/1168403
https://bugzilla.suse.com/1169134
https://bugzilla.suse.com/1169356
https://bugzilla.suse.com/1170487
https://bugzilla.suse.com/1170938
https://bugzilla.suse.com/1171367
https://bugzilla.suse.com/1171921
https://bugzilla.suse.com/1171956
https://bugzilla.suse.com/1172142
https://bugzilla.suse.com/1173339
https://bugzilla.suse.com/1174591
https://bugzilla.suse.com/1175061
https://bugzilla.suse.com/1175240
https://bugzilla.suse.com/1175781