openSUSE Security Update: Recommended update for ceph
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:0910-1
Rating:             moderate
References:         #1003891 #1008435 #1008501 #1012100 #1014986 #1015748
                    #1019616 #970642
Cross-References:   CVE-2016-9579
Affected Products:  openSUSE Leap 42.2
______________________________________________________________________________

An update that solves one vulnerability and has 7 fixes is now available.

Description:

This ceph version update to 10.2.6+git fixes the following issues:

Security issues fixed:

- CVE-2016-9579: RGW server DoS via request with invalid HTTP Origin header
  (boo#1014986).

Bugfixes:

- Update to version 10.2.6+git.1489493035.3ad7a68
- "tools/rados: default to include clone objects when executing
  "cache-flush-evict-all" (boo#1003891)
- mon,ceph-disk: add lockbox permissions to bootstrap-osd (boo#1008435)
- "ceph_volume_client: fix _recover_auth_meta() method" (boo#1008501)
- "systemd/ceph-disk: reduce ceph-disk flock contention" (boo#1012100)
- "doc: add verbiage to rbdmap manpage" and "Add Install section to systemd
  rbdmap.service file" (boo#1015748)
- ceph-disk: systemd unit must run after local-fs.target (boo#1012100)
- build/ops: restart ceph-osd@.service after 20s instead of 100ms
  (boo#1019616)
- doc: add verbiage to rbdmap manpage and mention rbdmap in RBD quick start
  (boo#1015748)
- doc: ceph-deploy man: remove references to mds destroy. Not implemented
  (boo#970642)

Feature enhancements:

- FATE#321098:
  * rpm: deobfuscate SUSE-specific bconds
  * rpm: consider xio bcond on x86_64 and aarch64 only
  * rpm: remove s390 from SES ExclusiveArch
  * rpm: limit lttng/babeltrace to architectures
  * rpm: limit xio build
  * rpm: enable build for s390(x) in SLE
  * rpm: add "without valgrind_devel" configure option

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

    zypper in -t patch openSUSE-2017-421=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.2 (x86_64):

    ceph-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-base-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-base-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-common-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-common-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-fuse-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-fuse-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-mds-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-mds-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-mon-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-mon-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-osd-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-osd-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-radosgw-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-radosgw-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-resource-agents-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-test-10.2.6+git.1489493035.3ad7a68-6.4.1
    ceph-test-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    libcephfs-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
    libcephfs1-10.2.6+git.1489493035.3ad7a68-6.4.1
    libcephfs1-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    librados-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
    librados-devel-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    librados2-10.2.6+git.1489493035.3ad7a68-6.4.1
    librados2-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    libradosstriper-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
    libradosstriper1-10.2.6+git.1489493035.3ad7a68-6.4.1
    libradosstriper1-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    librbd-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
    librbd1-10.2.6+git.1489493035.3ad7a68-6.4.1
    librbd1-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    librgw-devel-10.2.6+git.1489493035.3ad7a68-6.4.1
    librgw2-10.2.6+git.1489493035.3ad7a68-6.4.1
    librgw2-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    python-ceph-compat-10.2.6+git.1489493035.3ad7a68-6.4.1
    python-cephfs-10.2.6+git.1489493035.3ad7a68-6.4.1
    python-cephfs-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    python-rados-10.2.6+git.1489493035.3ad7a68-6.4.1
    python-rados-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    python-rbd-10.2.6+git.1489493035.3ad7a68-6.4.1
    python-rbd-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    rbd-fuse-10.2.6+git.1489493035.3ad7a68-6.4.1
    rbd-fuse-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    rbd-mirror-10.2.6+git.1489493035.3ad7a68-6.4.1
    rbd-mirror-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1
    rbd-nbd-10.2.6+git.1489493035.3ad7a68-6.4.1
    rbd-nbd-debuginfo-10.2.6+git.1489493035.3ad7a68-6.4.1

References:

    https://www.suse.com/security/cve/CVE-2016-9579.html
    https://bugzilla.suse.com/1003891
    https://bugzilla.suse.com/1008435
    https://bugzilla.suse.com/1008501
    https://bugzilla.suse.com/1012100
    https://bugzilla.suse.com/1014986
    https://bugzilla.suse.com/1015748
    https://bugzilla.suse.com/1019616
    https://bugzilla.suse.com/970642