File _patchinfo of Package patchinfo

<patchinfo incident="9742">
  <issue tracker="bnc" id="1113246">OSDs failing due to stupidalloc 0x0x559961d8b180 dump</issue>
  <issue id="1111177" tracker="bnc">VUL-1: CVE-2018-14662: ceph: LUKS "config-key" safety issue</issue>
  <issue id="1114710" tracker="bnc">VUL-0: CVE-2018-16846: ceph: RGW sec vuln: max-keys</issue>
  <issue id="1121567" tracker="bnc">VUL-0: CVE-2018-16889: ceph: properly sanitize encryption keys in debug logging for v4 auth</issue>
  <issue tracker="cve" id="2018-14662"/>
  <issue tracker="cve" id="2018-16846"/>
  <issue tracker="cve" id="2018-16889"/>
  <category>security</category>
  <rating>important</rating>
  <packager>smithfarm</packager>
  <description>This update for ceph fixes the following issues:

Security issues fixed:

- CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177)
- CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710)
- CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567)

Non-security issue fixed:

- os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246)

This update was imported from the SUSE:SLE-12-SP3:Update update project.</description>
  <summary>Security update for ceph</summary>
</patchinfo>