SUSE-SU-2021:1108-1
Vulnerability Summary
Timeline
Description
Security update for ceph This update for ceph fixes the following issues: - ceph was updated to to 15.2.9 - cephadm: fix 'inspect' and 'pull' (bsc#1182766) - CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997) - CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905) - mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926) - mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679) - mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489) - cephadm: command_unit: call systemctl with verbose=True (bsc#1176828) - cephadm: silence 'Failed to evict container' log msg (bsc#1177360) - mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails (bsc#1177857) - rgw: cls/user: set from_index for reset stats calls (bsc#1178837) - mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860) - cephadm: reference the last local image by digest (bsc#1178932, bsc#1179569)
Affected Systems
- suse•ceph&distro=SUSE Enterprise Storage 7
< 15.2.9.83+g4275378de0-3.17.1
- suse•ceph&distro=SUSE Linux Enterprise Module for Basesystem 15 SP2
< 15.2.9.83+g4275378de0-3.17.1
References (17)
- https://www.suse.com/support/update/announcement/2021/suse-su-20211108-1/
- https://bugzilla.suse.com/1172926
- https://bugzilla.suse.com/1176390
- https://bugzilla.suse.com/1176489
- https://bugzilla.suse.com/1176679
- https://bugzilla.suse.com/1176828
- https://bugzilla.suse.com/1177360
- https://bugzilla.suse.com/1177857
- https://bugzilla.suse.com/1178837
- https://bugzilla.suse.com/1178860
- https://bugzilla.suse.com/1178905
- https://bugzilla.suse.com/1178932
- https://bugzilla.suse.com/1179569
- https://bugzilla.suse.com/1179997
- https://bugzilla.suse.com/1182766
- https://www.suse.com/security/cve/CVE-2020-25678
- https://www.suse.com/security/cve/CVE-2020-27839