Security update for ceph SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:0758-1 Final 1 1 2017-03-20T15:22:43Z current 2017-03-20T15:22:43Z 2017-03-20T15:22:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ceph This update provides Ceph 10.2.5, which brings fixes and enhancements: This security issue was fixed: - CVE-2016-8626: Handle empty POST condition to not allow attackers to crash the ceph-radosgw service. (bsc#1007217) These non-security issues were fixed: - OSD daemon uses 100% CPU load after OSD creation (bsc#1014338) - ceph-deploy fails with dmcrypt flag (bsc#1008435) - OSD's are not mounted after upgrade (bsc#1012100) - ceph-osd service fails to start OSD randomly (bsc#1019616) - Add missing argument comma to ceph-create-keys (bsc#1008894) - Add Install section to systemd rbdmap.service file (bsc#1015748) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-Storage-3-2017-416 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20170758-1/ Link for SUSE-SU-2017:0758-1 https://lists.suse.com/pipermail/sle-security-updates/2017-March/002713.html E-Mail link for SUSE-SU-2017:0758-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1007217 SUSE Bug 1007217 https://bugzilla.suse.com/1008435 SUSE Bug 1008435 https://bugzilla.suse.com/1008894 SUSE Bug 1008894 https://bugzilla.suse.com/1012100 SUSE Bug 1012100 https://bugzilla.suse.com/1014338 SUSE Bug 1014338 https://bugzilla.suse.com/1015748 SUSE Bug 1015748 https://bugzilla.suse.com/1019616 SUSE Bug 1019616 https://www.suse.com/security/cve/CVE-2016-8626/ SUSE CVE CVE-2016-8626 page SUSE Enterprise Storage 3 ceph-10.2.5+git.1485186288.4e3c6c4-12.2 ceph-base-10.2.5+git.1485186288.4e3c6c4-12.2 ceph-common-10.2.5+git.1485186288.4e3c6c4-12.2 ceph-fuse-10.2.5+git.1485186288.4e3c6c4-12.2 ceph-mds-10.2.5+git.1485186288.4e3c6c4-12.2 ceph-mon-10.2.5+git.1485186288.4e3c6c4-12.2 ceph-osd-10.2.5+git.1485186288.4e3c6c4-12.2 ceph-radosgw-10.2.5+git.1485186288.4e3c6c4-12.2 ceph-test-10.2.5+git.1485186288.4e3c6c4-12.2 libcephfs1-10.2.5+git.1485186288.4e3c6c4-12.2 librados2-10.2.5+git.1485186288.4e3c6c4-12.2 libradosstriper1-10.2.5+git.1485186288.4e3c6c4-12.2 librbd1-10.2.5+git.1485186288.4e3c6c4-12.2 librgw2-10.2.5+git.1485186288.4e3c6c4-12.2 python-ceph-compat-10.2.5+git.1485186288.4e3c6c4-12.2 python-cephfs-10.2.5+git.1485186288.4e3c6c4-12.2 python-rados-10.2.5+git.1485186288.4e3c6c4-12.2 python-rbd-10.2.5+git.1485186288.4e3c6c4-12.2 rbd-fuse-10.2.5+git.1485186288.4e3c6c4-12.2 rbd-mirror-10.2.5+git.1485186288.4e3c6c4-12.2 rbd-nbd-10.2.5+git.1485186288.4e3c6c4-12.2 ceph-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 ceph-base-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 ceph-common-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 ceph-fuse-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 ceph-mds-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 ceph-mon-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 ceph-osd-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 ceph-radosgw-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 ceph-test-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 libcephfs1-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 librados2-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 libradosstriper1-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 librbd1-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 librgw2-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 python-ceph-compat-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 python-cephfs-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 python-rados-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 python-rbd-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 rbd-fuse-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 rbd-mirror-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 rbd-nbd-10.2.5+git.1485186288.4e3c6c4-12.2 as a component of SUSE Enterprise Storage 3 A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests. CVE-2016-8626 SUSE Enterprise Storage 3:ceph-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:ceph-base-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:ceph-common-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:ceph-fuse-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:ceph-mds-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:ceph-mon-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:ceph-osd-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:ceph-radosgw-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:ceph-test-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:libcephfs1-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:librados2-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:libradosstriper1-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:librbd1-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:librgw2-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:python-ceph-compat-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:python-cephfs-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:python-rados-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:python-rbd-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:rbd-fuse-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:rbd-mirror-10.2.5+git.1485186288.4e3c6c4-12.2 SUSE Enterprise Storage 3:rbd-nbd-10.2.5+git.1485186288.4e3c6c4-12.2 moderate 6.3 AV:N/AC:M/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170758-1/ https://www.suse.com/security/cve/CVE-2016-8626.html CVE-2016-8626 https://bugzilla.suse.com/1007217 SUSE Bug 1007217