Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="8546">
  <issue tracker="bnc" id="1094932">osd: force restart peering when osd is marked down</issue>
  <issue tracker="bnc" id="1092874">bluestore: db.slow used when db is not full</issue>
  <issue tracker="bnc" id="1099162">VUL-0: CVE-2018-10861: ceph: ceph-mon does not perform authorization on OSD pool ops</issue>
  <issue tracker="bnc" id="1096748">VUL-0: CVE-2018-1128 CVE-2018-1129: ceph: various issues with cephx</issue>
  <issue tracker="cve" id="2018-10861"/>
  <issue tracker="cve" id="2018-1129"/>
  <issue tracker="cve" id="2018-1128"/>
  <category>security</category>
  <rating>important</rating>
  <packager>holgisms</packager>
  <description>This update for ceph fixes the following issues:

Security issues fixed:

- CVE-2018-10861: Ensure that ceph-mon does perform authorization on all OSD pool ops (bsc#1099162)
- CVE-2018-1129: cephx signature check bypass (bsc#1096748)
- CVE-2018-1128: cephx protocol was vulnerable to replay attack (bsc#1096748)

Bugs fixed in 12.2.7-420-gc0ef85b854:
    
- luminous: osd: eternal stuck PG in 'unfound_recovery' (bsc#1094932)
- bluestore: db.slow used when db is not full (bsc#1092874)
- Upstream fixes and improvements, see https://ceph.com/releases/12-2-7-luminous-released/
  
This update was imported from the SUSE:SLE-12-SP3:Update update project.</description>
  <summary>Security update for ceph</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places