Security update for ceph (important)

2017-11-02T18:23:32
ID SUSE-SU-2017:2922-1
Type suse
Reporter Suse
Modified 2017-11-02T18:23:32

Description

CEPH was updated to version 10.2.10, which brings several fixes and enhancements.

Upstream 10.2.10 release summary can be found at: <a rel="nofollow" href="https://ceph.com/releases/v10-2-10-jewel-released/">https://ceph.com/releases/v10-2-10-jewel-released/</a>

Security issues fixed:

  • CVE-2017-7519: libradosstriper processed arbitrary printf placeholders in user input (bsc#1043767)

Non-security issues fixed:

  • Add explicit Before=ceph.target to systemd service file. (bsc#1042973)
  • ceph-disk omits "--runtime" when enabling ceph-osd@$ID.service units. (bsc#1051598, bsc#1056536)
  • Make it possible to customize ceph-disk's timeout and set default to 3h. (bsc#1051432)
  • Move ceph-disk from ceph-common to ceph-base.