SUSE-CU-2019:753-1: Security update of ses/6/ceph/ceph
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Sat Feb 1 01:37:18 MST 2020
SUSE Container Update Advisory: ses/6/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:753-1
Container Tags : ses/6/ceph/ceph:14.2.4.386 , ses/6/ceph/ceph:14.2.4.386.1.5.61 , ses/6/ceph/ceph:latest
Container Release : 1.5.61
Severity : important
Type : security
References : 1103320 1132767 1134444 1135584 1137503 1140491 1141174 1145093
1145617 1145618 1145759 1146656 1147132 1149093 1150406 1151439
1151990 1151991 1151992 1151993 1151994 1151995 1152002 1154019
1154036 1154037 1156282 CVE-2019-10222 CVE-2019-17594 CVE-2019-17595
-----------------------------------------------------------------
The container ses/6/ceph/ceph was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2980-1
Released: Thu Nov 14 22:45:33 2019
Summary: Optional update for curl
Type: optional
Severity: low
References: 1154019
Description:
This update for curl doesn't address any user visible issues.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2994-1
Released: Mon Nov 18 13:34:33 2019
Summary: Security update for ceph
Type: security
Severity: important
References: 1132767,1134444,1135584,1137503,1140491,1141174,1145093,1145617,1145618,1145759,1146656,1147132,1149093,1150406,1151439,1151990,1151991,1151992,1151993,1151994,1151995,1152002,1156282,CVE-2019-10222
Description:
This update for ceph fixes the following issues:
- A previous update introduced a regression with the potential to cause RocksDB
data corruption in Nautilus (bsc#1156282).
- Support for iSCSI target-level CHAP authentication was added (bsc#1145617).
- Implemented validation and rendering of iSCSI controls based 'type'
(bsc#1140491).
- Fixed an error while editing iSCSI image advanced settings (bsc#1146656).
- Fixed a ceph-volume regression. SES customers were never exposed to this
regression (bsc#1132767).
- Fixed a denial of service vulnerability where an unauthenticated client of
Ceph Object Gateway could trigger a crash from an uncaught exception
(bsc#1145093, CVE-2019-10222)
- Nautilus-based librbd clients could not open images on Jewel clusters
(bsc#1151994).
- The RGW num_rados_handles has been removed (bsc#1151995).
- 'osd_deep_scrub_large_omap_object_key_threshold' has been lowered in Nautilus
(bsc#1152002).
- The ceph dashboard now supports silencing Prometheus notifications
(bsc#1141174).
- The no{up,down,in,out} related commands have been revamped (bsc#1151990).
- Radosgw-admin got two new subcommands for managing expire-stale objects
(bsc#1151991)..
- Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from SES5
used to break pool utilization stats reported by ceph df (bsc#1151992).
- Ceph clusters will issue a health warning if CRUSH tunables are older than
'hammer' (bsc#1151993).
- Ceph-volume prints errors to stdout with --format json (bsc#1132767).
- Changing rgw-api-host in the dashboard does not get effective without
disable/enable dashboard mgr module (bsc#1137503).
- Silenced Alertmanager alerts in the dashboard (bsc#1141174).
- Fixed e2e failures in the dashboard caused by webdriver version (bsc#1145759)
- librbd always tries to acquire exclusive lock when removing image an
(bsc#1149093).
Fixes in ses-manual_en:
- Added a new chapter with changelogs of Ceph releases. (bsc#1135584)
- Rewrote rolling updates and replaced running stage.0 with manual commands to prevent infinite loop. (bsc#1134444)
- Improved name of CaaSP to its fuller version. (bsc#1151439)
- Verify which OSD's are going to be removed before running stage.5. (bsc#1150406)
- Added two additional steps to recovering an OSD. (bsc#1147132)
Fixes in ceph-iscsi:
- Validate kernel LIO controls type and value (bsc#1140491)
- TPG lun_id persistence (bsc#1145618)
- Target level CHAP authentication (bsc#1145617)
ceph-iscsi was updated to the upstream 3.2 release:
- Always use host FQDN instead of shortname
- Validate min/max value for target controls and rbd:user/tcmu-runner image
controls (bsc#1140491)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2997-1
Released: Mon Nov 18 15:16:38 2019
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595
Description:
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).
Non-security issue fixed:
- Removed screen.xterm from terminfo database (bsc#1103320).
More information about the sle-updates
mailing list