openSUSE Security Update : ceph (openSUSE-2016-1500)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

ceph was updated to version 10.2.4 and fixes the following issues :

- A moncommand with empty prefix could crash the monitor
(boo#987144, CVE-2016-5009)

- Detect crc32 extension support from assembler on AArch64
(boo#999688)

- Failing file operations on kernel based cephfs mount
point could leave unaccessible file behind on hammer
0.94.7 (boo#985232)

- Fixed boo#1008501

+ ceph_volume_client: fix _recover_auth_meta() method

+ ceph_volume_client: check if volume metadata is empty

+ ceph_volume_client: fix partial auth recovery

- Avoid ~100% CPU load after OSD creation / first OSD
start (boo#1014338)

- Fixed boo#990438: civetweb HTTPS support not working

- Avoid systemd limiting OSDs (boo#1007216)

- Fix 'make check' when building unit tests with
--with-xio (boo#977940)

- Fix build for ppc64le (boo#982141)

- Including performance fix for linux dcache hash
algorithm (boo#1005179)

- Fix invalid command in SOC7 (boo#1008894)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1005179
https://bugzilla.opensuse.org/show_bug.cgi?id=1007216
https://bugzilla.opensuse.org/show_bug.cgi?id=1008501
https://bugzilla.opensuse.org/show_bug.cgi?id=1008894
https://bugzilla.opensuse.org/show_bug.cgi?id=1014338
https://bugzilla.opensuse.org/show_bug.cgi?id=977940
https://bugzilla.opensuse.org/show_bug.cgi?id=982141
https://bugzilla.opensuse.org/show_bug.cgi?id=985232
https://bugzilla.opensuse.org/show_bug.cgi?id=987144
https://bugzilla.opensuse.org/show_bug.cgi?id=990438
https://bugzilla.opensuse.org/show_bug.cgi?id=999688

Solution :

Update the affected ceph packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 95976 ()

Bugtraq ID:

CVE ID: CVE-2016-5009

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now