SUSE-SU-2015:1102-1
Vulnerability Summary
Timeline
Description
Security update for SES 1.0 This collective update for SUSE Enterprise Storage 1.0 provides fixes and enhancements. ceph (update to version 0.80.9): - Support non-ASCII characters. (bnc#907510) - Fixes issue with more than one OSD / MON on same node. (bnc#927862) - Reinstates Environment=CLUSTER=ceph lines removed by last patch. (bnc#915567) - Use same systemd service files for all cluster names. (bnc#915567) - In OSDMonitor fallback to json-pretty in case of invalid formatter. (bnc#919313) - Increase max files to 131072 for ceph-osd daemon. (bnc#924894) - Fix 'OSDs shutdown during rados benchmark tests'. (bnc#924269) - Add SuSEfirewall2 service files for Ceph MON, OSD and MDS. (bnc#919091) - Added support for multiple cluster names with systemd to ceph-disk. (bnc#915567) - Move udev rules for rbd devices to the client package ceph-common. - Several issues reported upstream have been fixed: #9973 #9918 #9907 #9877 #9854 #9587 #9479 #9478 #9254 #5595 #10978 #10965 #10907 #10553 #10471 #10421 #10307 #10299 #10271 #10271 #10270 #10262 #10103 #10095. ceph-deploy: - Drop support for multiple customer names on the same hardware. (bsc#915567) - Check for errors when generating rgw keys. (bsc#915783) - Do not import new repository keys automatically when installing packages with Zypper. (bsc#919965) - Improved detection of disk vs. OSD block devices with a simple set of tests. (bsc#889053) - Do not create keyring files as world-readable. (bsc#920926, CVE-2015-3010) - Added support for multiple cluster names with systemd to ceph-disk. (bnc#915567) calamari-clients: - Reduce krakenFailThreshold to 5 minutes. (bsc#903007) python-Pillow (update to version 2.7.0): - Fix issues in Jpeg2KImagePlugin and IcnsImagePlugin which could have allowed denial of service attacks. (CVE-2014-3598, CVE-2014-3589) python-djangorestframework: - Escape URLs when replacing format= query parameter, as used in dropdown on GET button in browsable API to allow explicit selection of JSON vs HTML output. (bsc#929914) - Escape request path when it is include as part of the login and logout links in the browsable API. (bsc#929886) For a comprehensive list of changes please refer to each package's change log.
Affected Systems
- suse•calamari-clients&distro=SUSE Enterprise Storage 1.0
< 1.2.2+git.1428648634.40dfe5b-3.1
- suse•ceph-deploy&distro=SUSE Enterprise Storage 1.0
< 1.5.19+git.1431355031.6178cf3-9.1
- suse•ceph&distro=SUSE Enterprise Storage 1.0
< 0.80.9-5.1
- suse•python-djangorestframework&distro=SUSE Enterprise Storage 1.0
< 2.3.12-4.2
- suse•python-Pillow&distro=SUSE Enterprise Storage 1.0
< 2.7.0-4.1
References (19)
- https://www.suse.com/support/update/announcement/2015/suse-su-20151102-1/
- https://bugzilla.suse.com/889053
- https://bugzilla.suse.com/903007
- https://bugzilla.suse.com/907510
- https://bugzilla.suse.com/915567
- https://bugzilla.suse.com/915783
- https://bugzilla.suse.com/919091
- https://bugzilla.suse.com/919313
- https://bugzilla.suse.com/919965
- https://bugzilla.suse.com/920926
- https://bugzilla.suse.com/924269
- https://bugzilla.suse.com/924894
- https://bugzilla.suse.com/927862
- https://bugzilla.suse.com/929553
- https://bugzilla.suse.com/929886
- https://bugzilla.suse.com/929914
- https://www.suse.com/security/cve/CVE-2014-3589
- https://www.suse.com/security/cve/CVE-2014-3598
- https://www.suse.com/security/cve/CVE-2015-3010