File _patchinfo of Package patchinfo.10056

<patchinfo incident="10056">
  <issue tracker="bnc" id="1084645">GCC 8: ceph build fails</issue>
  <issue tracker="bnc" id="1099162">VUL-0: CVE-2018-10861: ceph: ceph-mon does not perform authorization on OSD pool ops</issue>
  <issue tracker="bnc" id="1096748">VUL-0: CVE-2018-1128 CVE-2018-1129: ceph: various issues with cephx</issue>
  <issue tracker="bnc" id="1101262">ceph's SPDK builds with march=native</issue>
  <issue tracker="bnc" id="1086613">Module 'smart' Not Found</issue>
  <issue tracker="bnc" id="1114567">ceph-volume: memoryview: a bytes-like object is required, not 'str'</issue>
  <issue tracker="bnc" id="1111177">VUL-1: CVE-2018-14662: ceph: LUKS "config-key" safety issue</issue>
  <issue tracker="cve" id="2018-16846"/>
  <issue tracker="cve" id="2018-14662"/>
  <issue tracker="cve" id="2018-10861"/>
  <issue tracker="cve" id="2018-1129"/>
  <issue tracker="cve" id="2018-1128"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>smithfarm</packager>
  <description>This update for ceph version 13.2.4 fixes the following issues:

Security issues fixed:

- CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety (bsc#1111177)
- CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon (bsc#1099162)
- CVE-2018-1128: Fixed signature check bypass in cephx (bsc#1096748)
- CVE-2018-1129: Fixed replay attack in cephx protocol (bsc#1096748)
- CVE-2018-16846: Enforced bounds on max-keys/max-uploads/max-parts in rgw

Non-security issues fixed:

- ceph-volume Python 3 fixes (bsc#1114567)
- fix python3 module loading (bsc#1086613)
</description>
  <summary>Security update for ceph</summary>
</patchinfo>