File _patchinfo of Package patchinfo.27860
<patchinfo incident="27860">
<issue tracker="bnc" id="1187748">When an RBD is mapped, it is attempted to be deployed as an OSD</issue>
<issue tracker="bnc" id="1188911">OSD marked down causes wrong backfill_toofull</issue>
<issue tracker="bnc" id="1204430">VUL-0: CVE-2022-3650: ceph: ceph-base: ceph-crash.service Python script allows privilege escalation from ceph to root</issue>
<issue tracker="bnc" id="1202077">SES7.1: Need to configure prometheus: custom_scrape_configs: within containers.</issue>
<issue tracker="bnc" id="1203375">Tiny virtual floppy device causes OSD service placement to fail — ref:_00D1igLOd._5005qBACg6:ref</issue>
<issue tracker="bnc" id="1201604">cephfs-shell not installing correctly with updated setuptools</issue>
<issue tracker="bnc" id="1201837">VUL-0: CVE-2022-0670: ceph: user/tenant can access (read/write) any share</issue>
<issue tracker="bnc" id="1199183">OSD OOM killed when pgs were scaled</issue>
<issue tracker="bnc" id="1205025">VUL-0: CVE-2022-3854: ceph: possible DoS issue in ceph URL processing on RGW backends</issue>
<issue tracker="bnc" id="1196046">SES7: alertmanager webhook_configs has wrong (short name) URLs in /etc/alertmanager/alertmanager.yml resulting in endless SSL certificate warnings in syslog</issue>
<issue tracker="bnc" id="1201976">L3-Question: Ceph dashboard legend does not show names</issue>
<issue tracker="bnc" id="1206158">L3-Question: "insecure global_id reclaim" warning for iSCSI gateway — ref:_00D1igLOd._5005qGKZ5W:ref</issue>
<issue tracker="bnc" id="1192840">"cephadm shell" barfs out a Python traceback ("TypeError: _daemon_add_misc() got an unexpected keyword argument")</issue>
<issue tracker="bnc" id="1200978">Passive managers incorrectly re-directs alertmanager using the IP address instead of FQDN</issue>
<issue tracker="bnc" id="1201797">unable create/delete subvolume in cephfs</issue>
<issue tracker="bnc" id="1200317">After OSD replacement completed cephadm failed and cluster ended up with 12 OSDs down and client access failures</issue>
<issue tracker="bnc" id="1205436">SES 7.1: dashboard tries to access rgw via IP instead of rgw_api_host</issue>
<issue tracker="bnc" id="1192838">cephadm: iscsi missing mgr permissions</issue>
<issue tracker="bnc" id="1202292">[staging][ftbfs] ceph fails to build against fmt 9.0</issue>
<issue tracker="bnc" id="1200501">Grafana Pie Chart panel stopped working</issue>
<issue tracker="bnc" id="1200262">SES7: "ceph orch apply -i drive_groups-1.yml --dry-run" fails when using "block_db_size:"</issue>
<issue tracker="cve" id="2022-0670"/>
<issue tracker="cve" id="2022-3854"/>
<issue tracker="cve" id="2022-3650"/>
<packager>tserong</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for ceph</summary>
<description>This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837).
- CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430).
- CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025).
Bug fixes:
- osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183).
- ceph-volume: fix fast device alloc size on multiple device (bsc#1200262).
- cephadm: update monitoring container images (bsc#1200501).
- mgr/dashboard: prevent alert redirect (bsc#1200978).
- mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797).
- monitoring/ceph-mixin: add RGW host to label info (bsc#1201976).
- mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077).
- python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375).
- mgr/dashboard: fix rgw connect when using ssl (bsc#1205436).
- ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292).
- cephfs-shell: move source to separate subdirectory (bsc#1201604).
Fix in previous release:
- mgr/cephadm: try to get FQDN for configuration files (bsc#1196046).
- When an RBD is mapped, it is attempted to be deployed as an OSD (bsc#1187748).
- OSD marked down causes wrong backfill_toofull (bsc#1188911).
- cephadm: Fix iscsi client caps (allow mgr &lt;service status&gt; calls) (bsc#1192838).
- mgr/cephadm: fix and improve osd draining (bsc#1200317).
- add iscsi and nfs to upgrade process (bsc#1206158).
- mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840).
</description>
</patchinfo>