{"affected":[{"ecosystem_specific":{"binaries":[{"ceph-common":"13.2.4.125+gad802694f5-3.7.2","libcephfs-devel":"13.2.4.125+gad802694f5-3.7.2","libcephfs2":"13.2.4.125+gad802694f5-3.7.2","librados-devel":"13.2.4.125+gad802694f5-3.7.2","librados2":"13.2.4.125+gad802694f5-3.7.2","libradosstriper-devel":"13.2.4.125+gad802694f5-3.7.2","libradosstriper1":"13.2.4.125+gad802694f5-3.7.2","librbd-devel":"13.2.4.125+gad802694f5-3.7.2","librbd1":"13.2.4.125+gad802694f5-3.7.2","librgw-devel":"13.2.4.125+gad802694f5-3.7.2","librgw2":"13.2.4.125+gad802694f5-3.7.2","python3-cephfs":"13.2.4.125+gad802694f5-3.7.2","python3-rados":"13.2.4.125+gad802694f5-3.7.2","python3-rbd":"13.2.4.125+gad802694f5-3.7.2","python3-rgw":"13.2.4.125+gad802694f5-3.7.2","rados-objclass-devel":"13.2.4.125+gad802694f5-3.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"ceph","purl":"pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"13.2.4.125+gad802694f5-3.7.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ceph version 13.2.4 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety (bsc#1111177)\n- CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon (bsc#1099162)\n- CVE-2018-1128: Fixed signature check bypass in cephx (bsc#1096748)\n- CVE-2018-1129: Fixed replay attack in cephx protocol (bsc#1096748)\n- CVE-2018-16846: Enforced bounds on max-keys/max-uploads/max-parts in rgw\n\nNon-security issues fixed:\n\n- ceph-volume Python 3 fixes (bsc#1114567)\n- fix python3 module loading (bsc#1086613)\n","id":"SUSE-SU-2019:0586-1","modified":"2019-03-12T12:00:39Z","published":"2019-03-12T12:00:39Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20190586-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1084645"},{"type":"REPORT","url":"https://bugzilla.suse.com/1086613"},{"type":"REPORT","url":"https://bugzilla.suse.com/1096748"},{"type":"REPORT","url":"https://bugzilla.suse.com/1099162"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101262"},{"type":"REPORT","url":"https://bugzilla.suse.com/1111177"},{"type":"REPORT","url":"https://bugzilla.suse.com/1114567"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10861"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1128"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1129"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14662"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16846"}],"related":["CVE-2018-10861","CVE-2018-1128","CVE-2018-1129","CVE-2018-14662","CVE-2018-16846"],"summary":"Security update for ceph","upstream":["CVE-2018-10861","CVE-2018-1128","CVE-2018-1129","CVE-2018-14662","CVE-2018-16846"]}