Overview
Security update for ceph

This update for ceph version 13.2.4 fixes the following issues:

Security issues fixed:

- CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety (bsc#1111177)
- CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon (bsc#1099162)
- CVE-2018-1128: Fixed signature check bypass in cephx (bsc#1096748)
- CVE-2018-1129: Fixed replay attack in cephx protocol (bsc#1096748)
- CVE-2018-16846: Enforced bounds on max-keys/max-uploads/max-parts in rgw (bsc#1114710)

Non-security issues fixed:

- ceph-volume Python 3 fixes (bsc#1114567)
- Fixed python3 module loading (bsc#1086613)
- Fixed an issue where ceph build fails (bsc#1084645)
- ceph's SPDK builds with march=native (bsc#1101262)

This update was imported from the SUSE:SLE-15:Update update project.

Fixed bugs
bnc#1084645
GCC 8: ceph build fails
bnc#1099162
VUL-0: CVE-2018-10861: ceph: ceph-mon does not perform authorization on OSD pool ops
bnc#1096748
VUL-0: CVE-2018-1128 CVE-2018-1129: ceph: various issues with cephx
bnc#1101262
ceph's SPDK builds with march=native
bnc#1086613
Module 'smart' Not Found
bnc#1114567
ceph-volume: memoryview: a bytes-like object is required, not 'str'
bnc#1111177
VUL-1: CVE-2018-14662: ceph: LUKS "config-key" safety issue
bnc#1114710
VUL-0: CVE-2018-16846: ceph: RGW sec vuln: max-keys
CVE-2018-16846
CVE-2018-14662
CVE-2018-10861
CVE-2018-1129
CVE-2018-1128
Selected Binaries
openSUSE Build Service is sponsored by
Places