{"affected":[{"ecosystem_specific":{"binaries":[{"deepsea":"0.9.35+git.0.5a1dc9fe-3.34.1","deepsea-cli":"0.9.35+git.0.5a1dc9fe-3.34.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 6","name":"deepsea","purl":"pkg:rpm/suse/deepsea&distro=SUSE%20Enterprise%20Storage%206"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.35+git.0.5a1dc9fe-3.34.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ceph, deepsea fixes the following issues:\n\n- ceph was updated to 14.2.20-402-g6aa76c6815:\n    * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).\n    * CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905).\n    * CVE-2020-27839: Use secure cookies to store JWT Token (bsc#1179997). \n    * mgr/dashboard: prometheus alerting: add some leeway for package drops and errors (bsc#1145463) \n    * mon: have 'mon stat' output json as well (bsc#1174466) \n    * rpm: ceph-mgr-dashboard recommends python3-saml on SUSE (bsc#1177200) \n    * mgr/dashboard: Display a warning message in Dashboard when debug mode is enabled (bsc#1178235) \n    * rgw: cls/user: set from_index for reset stats calls (bsc#1178837) \n    * mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860)\n    * bluestore: provide a different name for fallback allocator (bsc#1180118) \n    * test/run-cli-tests: use cram from github (bsc#1181378) \n    * mgr/dashboard: fix 'Python2 Cookie module import fails on Python3' (bsc#1183487) \n    * common: make ms_bind_msgr2 default to 'false' (bsc#1180594) \n\n- deapsea was updated to 0.9.35\n    * osd: add method to zap simple osds (bsc#1178657, bsc#1178216)\n    * upgrade to cephadm: fix Drive Group generation (bsc#1181665)\n    * Rework config change detection to handle global.conf correctly (bsc#1181183)\n    * Use -i to pass credentials to `ceph dashboard` commands (bsc#1183600)\n","id":"SUSE-SU-2021:1472-1","modified":"2021-05-04T06:56:39Z","published":"2021-05-04T06:56:39Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20211472-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1145463"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174466"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177200"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178016"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178216"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178235"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178657"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178837"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178860"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178905"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179997"},{"type":"REPORT","url":"https://bugzilla.suse.com/1180118"},{"type":"REPORT","url":"https://bugzilla.suse.com/1180594"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181183"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181378"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181665"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183074"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183487"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183600"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25678"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-27839"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-20288"}],"related":["CVE-2020-25678","CVE-2020-27839","CVE-2021-20288"],"summary":"Security update for ceph, deepsea","upstream":["CVE-2020-25678","CVE-2020-27839","CVE-2021-20288"]}