Recommended update for ceph SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2809-1 Final 1 1 2016-11-15T17:11:37Z current 2016-11-15T17:11:37Z 2016-11-15T17:11:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for ceph This update provides Ceph 10.2.3, which includes important bug fixes in RBD mirroring, RGW multi-site, CephFS, and RADOS. Build/OPS: - AArch64: Detect crc32 extension support from assembler. (bsc#999688) - Drop legacy ceph RA which doesn't work with systemd unit files. - The mount.ceph binary, which is used to mount CephFS pools, was moved to the ceph-common package so it can be run from any client. - Accept bcache devices as data disks and fix partprobe intermittent issues during ceph-disk prepare. CephFS: - Several bug fixes for improved stability. RBD: - A number of fixes for RBD mirroring. - Several bug fixes for improved stability. RADOS: - CVE-2016-5009: moncommand with empty prefix crashes monitor. (bsc#987144) - Backports of many asyncmsgr fixes to jewel. - Several bug fixes for improved OSD stability. - Fix for a C++ symbol visibility issue in librados. RGW: - Fixes for number of issues related to syncing between remote sites. - A number of other bug fixes, including fixes for: + IPv6 + HTTPS/port 443 (bsc#990438) + radosgw-admin + Swift API + AWS4 API For a full list of issues fixed in this release, see: http://docs.ceph.com/docs/master/release-notes/#v10-2-3-jewel The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-Storage-3-2016-1653 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162809-1/ Link for SUSE-SU-2016:2809-1 https://lists.suse.com/pipermail/sle-security-updates/2016-November/002403.html E-Mail link for SUSE-SU-2016:2809-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1005954 SUSE Bug 1005954 https://bugzilla.suse.com/982141 SUSE Bug 982141 https://bugzilla.suse.com/985232 SUSE Bug 985232 https://bugzilla.suse.com/987144 SUSE Bug 987144 https://bugzilla.suse.com/987594 SUSE Bug 987594 https://bugzilla.suse.com/989512 SUSE Bug 989512 https://bugzilla.suse.com/990438 SUSE Bug 990438 https://bugzilla.suse.com/999688 SUSE Bug 999688 https://www.suse.com/security/cve/CVE-2016-5009/ SUSE CVE CVE-2016-5009 page SUSE Enterprise Storage 3 ceph-10.2.3+git.1475228057.755cf99-7.3 ceph-base-10.2.3+git.1475228057.755cf99-7.3 ceph-common-10.2.3+git.1475228057.755cf99-7.3 ceph-fuse-10.2.3+git.1475228057.755cf99-7.3 ceph-mds-10.2.3+git.1475228057.755cf99-7.3 ceph-mon-10.2.3+git.1475228057.755cf99-7.3 ceph-osd-10.2.3+git.1475228057.755cf99-7.3 ceph-radosgw-10.2.3+git.1475228057.755cf99-7.3 libcephfs1-10.2.3+git.1475228057.755cf99-7.3 librados2-10.2.3+git.1475228057.755cf99-7.3 libradosstriper1-10.2.3+git.1475228057.755cf99-7.3 librbd1-10.2.3+git.1475228057.755cf99-7.3 librgw2-10.2.3+git.1475228057.755cf99-7.3 python-ceph-compat-10.2.3+git.1475228057.755cf99-7.3 python-cephfs-10.2.3+git.1475228057.755cf99-7.3 python-rados-10.2.3+git.1475228057.755cf99-7.3 python-rbd-10.2.3+git.1475228057.755cf99-7.3 rbd-fuse-10.2.3+git.1475228057.755cf99-7.3 rbd-mirror-10.2.3+git.1475228057.755cf99-7.3 rbd-nbd-10.2.3+git.1475228057.755cf99-7.3 ceph-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 ceph-base-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 ceph-common-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 ceph-fuse-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 ceph-mds-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 ceph-mon-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 ceph-osd-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 ceph-radosgw-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 libcephfs1-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 librados2-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 libradosstriper1-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 librbd1-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 librgw2-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 python-ceph-compat-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 python-cephfs-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 python-rados-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 python-rbd-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 rbd-fuse-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 rbd-mirror-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 rbd-nbd-10.2.3+git.1475228057.755cf99-7.3 as a component of SUSE Enterprise Storage 3 The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. CVE-2016-5009 SUSE Enterprise Storage 3:ceph-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:ceph-base-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:ceph-common-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:ceph-fuse-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:ceph-mds-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:ceph-mon-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:ceph-osd-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:ceph-radosgw-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:libcephfs1-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:librados2-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:libradosstriper1-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:librbd1-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:librgw2-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:python-ceph-compat-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:python-cephfs-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:python-rados-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:python-rbd-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:rbd-fuse-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:rbd-mirror-10.2.3+git.1475228057.755cf99-7.3 SUSE Enterprise Storage 3:rbd-nbd-10.2.3+git.1475228057.755cf99-7.3 moderate 5.2 AV:A/AC:M/Au:S/C:N/I:N/A:C 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162809-1/ https://www.suse.com/security/cve/CVE-2016-5009.html CVE-2016-5009 https://bugzilla.suse.com/987144 SUSE Bug 987144