openSUSE Security Update : ceph (openSUSE-2017-421)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This ceph version update to 10.2.6+git fixes the following issues :

Security issues fixed :

- CVE-2016-9579: RGW server DoS via request with invalid
HTTP Origin header (boo#1014986).

Bugfixes :

- Update to version 10.2.6+git.1489493035.3ad7a68

- 'tools/rados: default to include clone objects when
excuting 'cache-flush-evict-all' (boo#1003891)

- mon,ceph-disk: add lockbox permissions to bootstrap-osd

- 'ceph_volume_client: fix _recover_auth_meta() method'

- 'systemd/ceph-disk: reduce ceph-disk flock contention'

- 'doc: add verbiage to rbdmap manpage' and 'Add Install
section to systemd rbdmap.service file' (boo#1015748)

- ceph-disk: systemd unit must run after

- build/ops: restart [email protected] after 20s instead
of 100ms (boo#1019616)

- doc: add verbiage to rbdmap manpage and mention rbdmap
in RBD quick start (boo#1015748)

- doc: ceph-deploy man: remove references to mds destroy.
Not implemented (boo#970642)

Feature enhancements :

- FATE#321098 :

- rpm: deobfuscate SUSE-specific bconds

- rpm: consider xio bcond on x86_64 and aarch64 only

- rpm: remove s390 from SES ExclusiveArch

- rpm: limit lttng/babeltrace to architectures

- rpm: limit xio build

- rpm: enable build for s390(x) in SLE

- rpm: add 'without valgrind_devel' configure option

See also :

Solution :

Update the affected ceph packages.

Risk factor :


Family: SuSE Local Security Checks

Nessus Plugin ID: 99179 ()

Bugtraq ID:

CVE ID: CVE-2016-9579

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now