openSUSE Security Update : ceph (openSUSE-2016-1500)

medium Nessus Plugin ID 95976

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

ceph was updated to version 10.2.4 and fixes the following issues :

- A moncommand with empty prefix could crash the monitor (boo#987144, CVE-2016-5009)

- Detect crc32 extension support from assembler on AArch64 (boo#999688)

- Failing file operations on kernel based cephfs mount point could leave unaccessible file behind on hammer 0.94.7 (boo#985232)

- Fixed boo#1008501

+ ceph_volume_client: fix _recover_auth_meta() method

+ ceph_volume_client: check if volume metadata is empty

+ ceph_volume_client: fix partial auth recovery

- Avoid ~100% CPU load after OSD creation / first OSD start (boo#1014338)

- Fixed boo#990438: civetweb HTTPS support not working

- Avoid systemd limiting OSDs (boo#1007216)

- Fix 'make check' when building unit tests with
--with-xio (boo#977940)

- Fix build for ppc64le (boo#982141)

- Including performance fix for linux dcache hash algorithm (boo#1005179)

- Fix invalid command in SOC7 (boo#1008894)

Solution

Update the affected ceph packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1005179

https://bugzilla.opensuse.org/show_bug.cgi?id=1007216

https://bugzilla.opensuse.org/show_bug.cgi?id=1008501

https://bugzilla.opensuse.org/show_bug.cgi?id=1008894

https://bugzilla.opensuse.org/show_bug.cgi?id=1014338

https://bugzilla.opensuse.org/show_bug.cgi?id=977940

https://bugzilla.opensuse.org/show_bug.cgi?id=982141

https://bugzilla.opensuse.org/show_bug.cgi?id=985232

https://bugzilla.opensuse.org/show_bug.cgi?id=987144

https://bugzilla.opensuse.org/show_bug.cgi?id=990438

https://bugzilla.opensuse.org/show_bug.cgi?id=999688

Plugin Details

Severity: Medium

ID: 95976

File Name: openSUSE-2016-1500.nasl

Version: 3.3

Type: local

Agent: unix

Published: 12/21/2016

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ceph, p-cpe:/a:novell:opensuse:ceph-base, p-cpe:/a:novell:opensuse:ceph-base-debuginfo, p-cpe:/a:novell:opensuse:ceph-common, p-cpe:/a:novell:opensuse:ceph-common-debuginfo, p-cpe:/a:novell:opensuse:ceph-fuse, p-cpe:/a:novell:opensuse:ceph-fuse-debuginfo, p-cpe:/a:novell:opensuse:ceph-mds, p-cpe:/a:novell:opensuse:ceph-mds-debuginfo, p-cpe:/a:novell:opensuse:ceph-mon, p-cpe:/a:novell:opensuse:ceph-mon-debuginfo, p-cpe:/a:novell:opensuse:ceph-osd, p-cpe:/a:novell:opensuse:ceph-osd-debuginfo, p-cpe:/a:novell:opensuse:ceph-radosgw, p-cpe:/a:novell:opensuse:ceph-radosgw-debuginfo, p-cpe:/a:novell:opensuse:ceph-resource-agents, p-cpe:/a:novell:opensuse:ceph-test, p-cpe:/a:novell:opensuse:ceph-test-debuginfo, p-cpe:/a:novell:opensuse:libcephfs-devel, p-cpe:/a:novell:opensuse:libcephfs1, p-cpe:/a:novell:opensuse:libcephfs1-debuginfo, p-cpe:/a:novell:opensuse:librados-devel, p-cpe:/a:novell:opensuse:librados-devel-debuginfo, p-cpe:/a:novell:opensuse:librados2, p-cpe:/a:novell:opensuse:librados2-debuginfo, p-cpe:/a:novell:opensuse:libradosstriper-devel, p-cpe:/a:novell:opensuse:libradosstriper1, p-cpe:/a:novell:opensuse:libradosstriper1-debuginfo, p-cpe:/a:novell:opensuse:librbd-devel, p-cpe:/a:novell:opensuse:librbd1, p-cpe:/a:novell:opensuse:librbd1-debuginfo, p-cpe:/a:novell:opensuse:librgw-devel, p-cpe:/a:novell:opensuse:librgw2, p-cpe:/a:novell:opensuse:librgw2-debuginfo, p-cpe:/a:novell:opensuse:python-ceph-compat, p-cpe:/a:novell:opensuse:python-cephfs, p-cpe:/a:novell:opensuse:python-cephfs-debuginfo, p-cpe:/a:novell:opensuse:python-rados, p-cpe:/a:novell:opensuse:python-rados-debuginfo, p-cpe:/a:novell:opensuse:python-rbd, p-cpe:/a:novell:opensuse:python-rbd-debuginfo, p-cpe:/a:novell:opensuse:rbd-fuse, p-cpe:/a:novell:opensuse:rbd-fuse-debuginfo, p-cpe:/a:novell:opensuse:rbd-mirror, p-cpe:/a:novell:opensuse:rbd-mirror-debuginfo, p-cpe:/a:novell:opensuse:rbd-nbd, p-cpe:/a:novell:opensuse:rbd-nbd-debuginfo, cpe:/o:novell:opensuse:42.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 12/20/2016

Reference Information

CVE: CVE-2016-5009