Detections
Analytics
SUSE SLED12 / SLES12 Security Update : ceph (SUSE-SU-2018:1417-1)
high Nessus Plugin ID 110123
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
This update for ceph fixes the following issues: Security issues fixed :- CVE-2018-7262: rgw: malformed http headers can crash rgw (bsc#1081379).
- CVE-2017-16818: User reachable asserts allow for DoS (bsc#1063014). Bug fixes :
- bsc#1061461: OSDs keep generating coredumps after adding new OSD node to cluster.
- bsc#1079076: RGW openssl fixes.
- bsc#1067088: Upgrade to SES5 restarted all nodes, majority of OSDs aborts during start.
- bsc#1056125: Some OSDs are down when doing performance testing on rbd image in EC Pool.
- bsc#1087269: allow_ec_overwrites option not in command options list.
- bsc#1051598: Fix mountpoint check for systemctl enable
--runtime.
- bsc#1070357: Zabbix mgr module doesn't recover from HEALTH_ERR.
- bsc#1066502: After upgrading a single OSD from SES 4 to SES 5 the OSDs do not rejoin the cluster.
- bsc#1067119: Crushtool decompile creates wrong device entries (device 20 device20) for not existing / deleted OSDs.
- bsc#1060904: Loglevel misleading during keystone authentication.
- bsc#1056967: Monitors goes down after pool creation on cluster with 120 OSDs.
- bsc#1067705: Issues with RGW Multi-Site Federation between SES5 and RH Ceph Storage 2.
- bsc#1059458: Stopping / restarting rados gateway as part of deepsea stage.4 executions causes core-dump of radosgw.
- bsc#1087493: Commvault cannot reconnect to storage after restarting haproxy.
- bsc#1066182: Container synchronization between two Ceph clusters failed.
- bsc#1081600: Crash in civetweb/RGW.
- bsc#1054061: NFS-GANESHA service failing while trying to list mountpoint on client.
- bsc#1074301: OSDs keep aborting: SnapMapper failed asserts.
- bsc#1086340: XFS metadata corruption on rbd-nbd mapped image with journaling feature enabled.
- bsc#1080788: fsid mismatch when creating additional OSDs.
- bsc#1071386: Metadata spill onto block.slow.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-980=1
SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-980=1
SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-980=1
SUSE CaaS Platform ALL :
To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
See Also
https://bugzilla.suse.com/show_bug.cgi?id=1061461
https://bugzilla.suse.com/show_bug.cgi?id=1063014
https://bugzilla.suse.com/show_bug.cgi?id=1066182
https://bugzilla.suse.com/show_bug.cgi?id=1066502
https://bugzilla.suse.com/show_bug.cgi?id=1067088
https://bugzilla.suse.com/show_bug.cgi?id=1067119
https://bugzilla.suse.com/show_bug.cgi?id=1067705
https://bugzilla.suse.com/show_bug.cgi?id=1070357
https://bugzilla.suse.com/show_bug.cgi?id=1071386
https://bugzilla.suse.com/show_bug.cgi?id=1074301
https://bugzilla.suse.com/show_bug.cgi?id=1079076
https://bugzilla.suse.com/show_bug.cgi?id=1080788
https://bugzilla.suse.com/show_bug.cgi?id=1081379
https://bugzilla.suse.com/show_bug.cgi?id=1081600
https://bugzilla.suse.com/show_bug.cgi?id=1086340
https://bugzilla.suse.com/show_bug.cgi?id=1087269
https://bugzilla.suse.com/show_bug.cgi?id=1087493
https://www.suse.com/security/cve/CVE-2017-16818/
https://www.suse.com/security/cve/CVE-2018-7262/
http://www.nessus.org/u?66713169
https://bugzilla.suse.com/show_bug.cgi?id=1051598
https://bugzilla.suse.com/show_bug.cgi?id=1054061
https://bugzilla.suse.com/show_bug.cgi?id=1056125
https://bugzilla.suse.com/show_bug.cgi?id=1056967
Plugin Details
Severity: High
ID: 110123
File Name: suse_SU-2018-1417-1.nasl
Version: 1.6
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 5/25/2018
Updated: 9/10/2019
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:ceph-common, p-cpe:/a:novell:suse_linux:ceph-common-debuginfo, p-cpe:/a:novell:suse_linux:ceph-debugsource, p-cpe:/a:novell:suse_linux:libcephfs2, p-cpe:/a:novell:suse_linux:libcephfs2-debuginfo, p-cpe:/a:novell:suse_linux:librados2, p-cpe:/a:novell:suse_linux:librados2-debuginfo, p-cpe:/a:novell:suse_linux:libradosstriper1, p-cpe:/a:novell:suse_linux:libradosstriper1-debuginfo, p-cpe:/a:novell:suse_linux:librbd1, p-cpe:/a:novell:suse_linux:librbd1-debuginfo, p-cpe:/a:novell:suse_linux:librgw2, p-cpe:/a:novell:suse_linux:librgw2-debuginfo, p-cpe:/a:novell:suse_linux:python-cephfs, p-cpe:/a:novell:suse_linux:python-cephfs-debuginfo, p-cpe:/a:novell:suse_linux:python-rados, p-cpe:/a:novell:suse_linux:python-rados-debuginfo, p-cpe:/a:novell:suse_linux:python-rbd, p-cpe:/a:novell:suse_linux:python-rbd-debuginfo, p-cpe:/a:novell:suse_linux:python-rgw, p-cpe:/a:novell:suse_linux:python-rgw-debuginfo, cpe:/o:novell:suse_linux:12
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 5/23/2018
Vulnerability Publication Date: 12/20/2017
Reference Information
CVE: CVE-2017-16818, CVE-2018-7262