Security update for ceph SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:1479-1 Final 1 1 2017-06-02T13:03:43Z current 2017-06-02T13:03:43Z 2017-06-02T13:03:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ceph This update provides Ceph 10.2.6, which brings fixes and enhancements: This security issue was fixed: - CVE-2016-9579: Do not abort RGW server when accepting a CORS request with short origin. (bsc#1014986) These non-security issues were fixed: - common: Add rdbmap to ceph-common. (bsc#1029482) - tools/rados: Default to include clone objects when executing 'cache-flush-evict-all'. (bsc#1003891) - mon, ceph-disk: Add lockbox permissions to bootstrap-osd. (bsc#1008435) - ceph_volume_client: Fix _recover_auth_meta() method. (bsc#1008501) - systemd/ceph-disk: Reduce ceph-disk flock contention. (bsc#1012100) - doc: Add verbiage to rbdmap manpage. (bsc#1015748) - doc: Add Install section to systemd rbdmap.service file. (bsc#1015748) - doc: Remove references to mds destroy from ceph-deploy man page. (bsc#970642) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-Storage-4-2017-911 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20171479-1/ Link for SUSE-SU-2017:1479-1 https://lists.suse.com/pipermail/sle-security-updates/2017-June/002935.html E-Mail link for SUSE-SU-2017:1479-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1003891 SUSE Bug 1003891 https://bugzilla.suse.com/1008435 SUSE Bug 1008435 https://bugzilla.suse.com/1008501 SUSE Bug 1008501 https://bugzilla.suse.com/1012100 SUSE Bug 1012100 https://bugzilla.suse.com/1014986 SUSE Bug 1014986 https://bugzilla.suse.com/1015748 SUSE Bug 1015748 https://bugzilla.suse.com/1029482 SUSE Bug 1029482 https://bugzilla.suse.com/970642 SUSE Bug 970642 https://www.suse.com/security/cve/CVE-2016-9579/ SUSE CVE CVE-2016-9579 page SUSE Enterprise Storage 4 ceph-10.2.6+git.1490339825.57146d8-11.7 ceph-base-10.2.6+git.1490339825.57146d8-11.7 ceph-common-10.2.6+git.1490339825.57146d8-11.7 ceph-fuse-10.2.6+git.1490339825.57146d8-11.7 ceph-mds-10.2.6+git.1490339825.57146d8-11.7 ceph-mon-10.2.6+git.1490339825.57146d8-11.7 ceph-osd-10.2.6+git.1490339825.57146d8-11.7 ceph-radosgw-10.2.6+git.1490339825.57146d8-11.7 ceph-test-10.2.6+git.1490339825.57146d8-11.7 libcephfs1-10.2.6+git.1490339825.57146d8-11.7 librados2-10.2.6+git.1490339825.57146d8-11.7 libradosstriper1-10.2.6+git.1490339825.57146d8-11.7 librbd1-10.2.6+git.1490339825.57146d8-11.7 librgw2-10.2.6+git.1490339825.57146d8-11.7 python-ceph-compat-10.2.6+git.1490339825.57146d8-11.7 python-cephfs-10.2.6+git.1490339825.57146d8-11.7 python-rados-10.2.6+git.1490339825.57146d8-11.7 python-rbd-10.2.6+git.1490339825.57146d8-11.7 rbd-fuse-10.2.6+git.1490339825.57146d8-11.7 rbd-mirror-10.2.6+git.1490339825.57146d8-11.7 rbd-nbd-10.2.6+git.1490339825.57146d8-11.7 ceph-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 ceph-base-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 ceph-common-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 ceph-fuse-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 ceph-mds-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 ceph-mon-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 ceph-osd-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 ceph-radosgw-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 ceph-test-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 libcephfs1-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 librados2-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 libradosstriper1-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 librbd1-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 librgw2-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 python-ceph-compat-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 python-cephfs-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 python-rados-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 python-rbd-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 rbd-fuse-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 rbd-mirror-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 rbd-nbd-10.2.6+git.1490339825.57146d8-11.7 as a component of SUSE Enterprise Storage 4 A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected. CVE-2016-9579 SUSE Enterprise Storage 4:ceph-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:ceph-base-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:ceph-common-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:ceph-fuse-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:ceph-mds-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:ceph-mon-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:ceph-osd-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:ceph-radosgw-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:ceph-test-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:libcephfs1-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:librados2-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:libradosstriper1-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:librbd1-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:librgw2-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:python-ceph-compat-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:python-cephfs-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:python-rados-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:python-rbd-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:rbd-fuse-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:rbd-mirror-10.2.6+git.1490339825.57146d8-11.7 SUSE Enterprise Storage 4:rbd-nbd-10.2.6+git.1490339825.57146d8-11.7 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20171479-1/ https://www.suse.com/security/cve/CVE-2016-9579.html CVE-2016-9579 https://bugzilla.suse.com/1014986 SUSE Bug 1014986