openSUSE-SU-2017:0910-1: moderate: Recommended update for ceph

3 Apr 2017

      openSUSE Security Update: Recommended update for ceph
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:0910-1
Rating:             moderate
References:         #1003891 #1008435 #1008501 #1012100 #1014986 
                    #1015748 #1019616 #970642 
Cross-References:   CVE-2016-9579
Affected Products:
                    openSUSE Leap 42.2
______________________________________________________________________________

   An update that solves one vulnerability and has 7 fixes is
   now available.

Description:

   This ceph version update to 10.2.6+git fixes the following issues:

   Security issues fixed:
   - CVE-2016-9579: RGW server DoS via request with invalid HTTP Origin
     header (boo#1014986).

   Bugfixes:
   - Update to version 10.2.6+git.1489493035.3ad7a68
   - "tools/rados: default to include clone objects when excuting
     "cache-flush-evict-all" (boo#1003891)
   - mon,ceph-disk: add lockbox permissions to bootstrap-osd (boo#1008435)
   - "ceph_volume_client: fix _recover_auth_meta() method" (boo#1008501)
   - "systemd/ceph-disk: reduce ceph-disk flock contention" (boo#1012100)
   - "doc: add verbiage to rbdmap manpage" and "Add Install section to
     systemd rbdmap.service file" (boo#1015748)
   - ceph-disk: systemd unit must run after local-fs.target (boo#1012100)
   - build/ops: restart ceph-osd@.service after 20s instead of 100ms
     (boo#1019616)
   - doc: add verbiage to rbdmap manpage and mention rbdmap in RBD quick
     start (boo#1015748)
   - doc: ceph-deploy man: remove references to mds destroy. Not implemented
     (boo#970642)

   Feature enhancements:
   - FATE#321098:
     * rpm: deobfuscate SUSE-specific bconds
     * rpm: consider xio bcond on x86_64 and aarch64 only
     * rpm: remove s390 from SES ExclusiveArch
     * rpm: limit lttng/babeltrace to architectures
     * rpm: limit xio build
     * rpm: enable build for s390(x) in SLE
     * rpm: add "without valgrind_devel" configure option

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-421=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.2 (x86_64):

      ceph-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-base-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-base-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-common-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-common-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-fuse-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-fuse-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-mds-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-mds-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-mon-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-mon-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-osd-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-osd-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-radosgw-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-radosgw-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-resource-agents-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-test-10.2.6+git.1489493035.3ad7a68-6.4.1
      ceph-test-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      libcephfs-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
      libcephfs1-10.2.6+git.1489493035.3ad7a68-6.4.1
      libcephfs1-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      librados-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
      librados-devel-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      librados2-10.2.6+git.1489493035.3ad7a68-6.4.1
      librados2-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      libradosstriper-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
      libradosstriper1-10.2.6+git.1489493035.3ad7a68-6.4.1
      libradosstriper1-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      librbd-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
      librbd1-10.2.6+git.1489493035.3ad7a68-6.4.1
      librbd1-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      librgw-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
      librgw2-10.2.6+git.1489493035.3ad7a68-6.4.1
      librgw2-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      python-ceph-compat-10.2.6+git.1489493035.3ad7a68-6.4.1
      python-cephfs-10.2.6+git.1489493035.3ad7a68-6.4.1
      python-cephfs-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      python-rados-10.2.6+git.1489493035.3ad7a68-6.4.1
      python-rados-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      python-rbd-10.2.6+git.1489493035.3ad7a68-6.4.1
      python-rbd-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      rbd-fuse-10.2.6+git.1489493035.3ad7a68-6.4.1
      rbd-fuse-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      rbd-mirror-10.2.6+git.1489493035.3ad7a68-6.4.1
      rbd-mirror-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
      rbd-nbd-10.2.6+git.1489493035.3ad7a68-6.4.1
      rbd-nbd-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1

References:

   https://www.suse.com/security/cve/CVE-2016-9579.html
   https://bugzilla.suse.com/1003891
   https://bugzilla.suse.com/1008435
   https://bugzilla.suse.com/1008501
   https://bugzilla.suse.com/1012100
   https://bugzilla.suse.com/1014986
   https://bugzilla.suse.com/1015748
   https://bugzilla.suse.com/1019616
   https://bugzilla.suse.com/970642

openSUSE-SU-2017:0910-1: moderate: Recommended update for ceph

opensuse-security＠opensuse.org