Security update for ceph SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0187-1 Final 1 1 2020-02-08T15:12:58Z current 2020-02-08T15:12:58Z 2020-02-08T15:12:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ceph This update for ceph fixes the following issues: - CVE-2020-1700: Fixed a denial of service against the RGW server via connection leakage (bsc#1161312). - CVE-2020-1699: Fixed a information disclosure by improper URL checking (bsc#1161074). This update was imported from the SUSE:SLE-15-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-187 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GFNDLPWVL33C6GRY4RNPOQ77ME6FHZA4/ E-Mail link for openSUSE-SU-2020:0187-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1161074 SUSE Bug 1161074 https://bugzilla.suse.com/1161312 SUSE Bug 1161312 https://www.suse.com/security/cve/CVE-2020-1699/ SUSE CVE CVE-2020-1699 page https://www.suse.com/security/cve/CVE-2020-1700/ SUSE CVE CVE-2020-1700 page openSUSE Leap 15.1 ceph-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-base-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-common-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-dashboard-e2e-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-fuse-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-grafana-dashboards-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-mds-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-mgr-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-mgr-dashboard-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-mgr-diskprediction-cloud-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-mgr-diskprediction-local-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-mgr-k8sevents-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-mgr-rook-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-mgr-ssh-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-mon-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-osd-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-prometheus-alerts-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-radosgw-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-resource-agents-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-test-14.2.5.382+g8881d33957-lp151.2.10.1 cephfs-shell-14.2.5.382+g8881d33957-lp151.2.10.1 libcephfs-devel-14.2.5.382+g8881d33957-lp151.2.10.1 libcephfs2-14.2.5.382+g8881d33957-lp151.2.10.1 librados-devel-14.2.5.382+g8881d33957-lp151.2.10.1 librados2-14.2.5.382+g8881d33957-lp151.2.10.1 libradospp-devel-14.2.5.382+g8881d33957-lp151.2.10.1 libradosstriper-devel-14.2.5.382+g8881d33957-lp151.2.10.1 libradosstriper1-14.2.5.382+g8881d33957-lp151.2.10.1 librbd-devel-14.2.5.382+g8881d33957-lp151.2.10.1 librbd1-14.2.5.382+g8881d33957-lp151.2.10.1 librgw-devel-14.2.5.382+g8881d33957-lp151.2.10.1 librgw2-14.2.5.382+g8881d33957-lp151.2.10.1 python3-ceph-argparse-14.2.5.382+g8881d33957-lp151.2.10.1 python3-cephfs-14.2.5.382+g8881d33957-lp151.2.10.1 python3-rados-14.2.5.382+g8881d33957-lp151.2.10.1 python3-rbd-14.2.5.382+g8881d33957-lp151.2.10.1 python3-rgw-14.2.5.382+g8881d33957-lp151.2.10.1 rados-objclass-devel-14.2.5.382+g8881d33957-lp151.2.10.1 rbd-fuse-14.2.5.382+g8881d33957-lp151.2.10.1 rbd-mirror-14.2.5.382+g8881d33957-lp151.2.10.1 rbd-nbd-14.2.5.382+g8881d33957-lp151.2.10.1 ceph-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-base-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-common-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-dashboard-e2e-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-fuse-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-grafana-dashboards-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-mds-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-mgr-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-mgr-dashboard-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-mgr-diskprediction-cloud-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-mgr-diskprediction-local-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-mgr-k8sevents-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-mgr-rook-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-mgr-ssh-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-mon-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-osd-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-prometheus-alerts-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-radosgw-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-resource-agents-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 ceph-test-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 cephfs-shell-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 libcephfs-devel-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 libcephfs2-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 librados-devel-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 librados2-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 libradospp-devel-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 libradosstriper-devel-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 libradosstriper1-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 librbd-devel-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 librbd1-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 librgw-devel-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 librgw2-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 python3-ceph-argparse-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 python3-cephfs-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 python3-rados-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 python3-rbd-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 python3-rgw-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 rados-objclass-devel-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 rbd-fuse-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 rbd-mirror-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 rbd-nbd-14.2.5.382+g8881d33957-lp151.2.10.1 as a component of openSUSE Leap 15.1 A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard. CVE-2020-1699 openSUSE Leap 15.1:ceph-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-base-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-common-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-dashboard-e2e-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-fuse-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-grafana-dashboards-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mds-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-dashboard-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-diskprediction-cloud-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-diskprediction-local-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-k8sevents-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-rook-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-ssh-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mon-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-osd-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-prometheus-alerts-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-radosgw-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-resource-agents-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-test-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:cephfs-shell-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:libcephfs-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:libcephfs2-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:librados-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:librados2-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:libradospp-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:libradosstriper-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:libradosstriper1-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:librbd-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:librbd1-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:librgw-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:librgw2-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:python3-ceph-argparse-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:python3-cephfs-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:python3-rados-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:python3-rbd-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:python3-rgw-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:rados-objclass-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:rbd-fuse-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:rbd-mirror-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:rbd-nbd-14.2.5.382+g8881d33957-lp151.2.10.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GFNDLPWVL33C6GRY4RNPOQ77ME6FHZA4/ https://www.suse.com/security/cve/CVE-2020-1699.html CVE-2020-1699 https://bugzilla.suse.com/1161074 SUSE Bug 1161074 A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system. CVE-2020-1700 openSUSE Leap 15.1:ceph-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-base-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-common-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-dashboard-e2e-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-fuse-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-grafana-dashboards-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mds-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-dashboard-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-diskprediction-cloud-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-diskprediction-local-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-k8sevents-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-rook-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mgr-ssh-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-mon-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-osd-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-prometheus-alerts-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-radosgw-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-resource-agents-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:ceph-test-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:cephfs-shell-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:libcephfs-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:libcephfs2-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:librados-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:librados2-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:libradospp-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:libradosstriper-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:libradosstriper1-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:librbd-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:librbd1-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:librgw-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:librgw2-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:python3-ceph-argparse-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:python3-cephfs-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:python3-rados-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:python3-rbd-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:python3-rgw-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:rados-objclass-devel-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:rbd-fuse-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:rbd-mirror-14.2.5.382+g8881d33957-lp151.2.10.1 openSUSE Leap 15.1:rbd-nbd-14.2.5.382+g8881d33957-lp151.2.10.1 moderate 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GFNDLPWVL33C6GRY4RNPOQ77ME6FHZA4/ https://www.suse.com/security/cve/CVE-2020-1700.html CVE-2020-1700 https://bugzilla.suse.com/1161312 SUSE Bug 1161312