Overview

File _patchinfo of Package patchinfo.17695

<patchinfo incident="17695">
   <issue tracker="bnc" id="1179802"> VUL-0: CVE-2020-27781: ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila</issue>
   <issue tracker="bnc" id="1180155">(CVE-2020-27781) cephx privilege escalation possible via ceph_volume_client Python interface</issue>
  <issue tracker="bnc" id="1180107">L3: ceph-volume drive-group trying to add nodes root disk to lvm [ref:_00D1igLOd._5001iX9vJP:ref]</issue>
  <issue tracker="bnc" id="1178860">L3: SES6: Disable TLS 1.0 to fix CEPH nodes vulnerabilities</issue>
  <issue tracker="bnc" id="1179016">L3: Dashboard shows "error code -22"  under Cluster &gt; OSDs &gt; Device Health</issue>
  <issue tracker="cve" id="2020-27781"/>
  <packager>smithfarm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ceph</summary>
  <description>This update for ceph fixes the following issues:

Security issue fixed:

- CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface (bsc#1180155, bsc#1179802).

Non-security issues fixed:

- Update to 15.2.8-80-g1f4b6229ca:
  + Rebase on tip of upstream "octopus" branch, SHA1 bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55
    * upstream Octopus v15.2.8 release, see https://ceph.io/releases/v15-2-8-octopus-released/

- Update to 15.2.7-776-g343cd10fe5:
  + Rebase on tip of upstream "octopus" branch, SHA1 1b8a634fdcd94dfb3ba650793fb1b6d09af65e05
    * (bsc#1178860) mgr/dashboard: Disable TLS 1.0 and 1.1
  + (bsc#1179016) rpm: require smartmontools on SUSE
  + (bsc#1180107) ceph-volume: pass --filter-for-batch from drive-group subcommand
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places