{"affected":[{"ecosystem_specific":{"binaries":[{"ceph":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-base":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-common":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-fuse":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-mds":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-mgr":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-mon":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-osd":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-radosgw":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-resource-agents":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-test":"13.2.4.125+gad802694f5-lp150.2.3.1","libcephfs-devel":"13.2.4.125+gad802694f5-lp150.2.3.1","libcephfs2":"13.2.4.125+gad802694f5-lp150.2.3.1","librados-devel":"13.2.4.125+gad802694f5-lp150.2.3.1","librados2":"13.2.4.125+gad802694f5-lp150.2.3.1","libradosstriper-devel":"13.2.4.125+gad802694f5-lp150.2.3.1","libradosstriper1":"13.2.4.125+gad802694f5-lp150.2.3.1","librbd-devel":"13.2.4.125+gad802694f5-lp150.2.3.1","librbd1":"13.2.4.125+gad802694f5-lp150.2.3.1","librgw-devel":"13.2.4.125+gad802694f5-lp150.2.3.1","librgw2":"13.2.4.125+gad802694f5-lp150.2.3.1","python3-cephfs":"13.2.4.125+gad802694f5-lp150.2.3.1","python3-rados":"13.2.4.125+gad802694f5-lp150.2.3.1","python3-rbd":"13.2.4.125+gad802694f5-lp150.2.3.1","python3-rgw":"13.2.4.125+gad802694f5-lp150.2.3.1","rados-objclass-devel":"13.2.4.125+gad802694f5-lp150.2.3.1","rbd-fuse":"13.2.4.125+gad802694f5-lp150.2.3.1","rbd-mirror":"13.2.4.125+gad802694f5-lp150.2.3.1","rbd-nbd":"13.2.4.125+gad802694f5-lp150.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"ceph","purl":"pkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"13.2.4.125+gad802694f5-lp150.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ceph":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-base":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-common":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-fuse":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-mds":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-mgr":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-mon":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-osd":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-radosgw":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-resource-agents":"13.2.4.125+gad802694f5-lp150.2.3.1","ceph-test":"13.2.4.125+gad802694f5-lp150.2.3.1","libcephfs-devel":"13.2.4.125+gad802694f5-lp150.2.3.1","libcephfs2":"13.2.4.125+gad802694f5-lp150.2.3.1","librados-devel":"13.2.4.125+gad802694f5-lp150.2.3.1","librados2":"13.2.4.125+gad802694f5-lp150.2.3.1","libradosstriper-devel":"13.2.4.125+gad802694f5-lp150.2.3.1","libradosstriper1":"13.2.4.125+gad802694f5-lp150.2.3.1","librbd-devel":"13.2.4.125+gad802694f5-lp150.2.3.1","librbd1":"13.2.4.125+gad802694f5-lp150.2.3.1","librgw-devel":"13.2.4.125+gad802694f5-lp150.2.3.1","librgw2":"13.2.4.125+gad802694f5-lp150.2.3.1","python3-cephfs":"13.2.4.125+gad802694f5-lp150.2.3.1","python3-rados":"13.2.4.125+gad802694f5-lp150.2.3.1","python3-rbd":"13.2.4.125+gad802694f5-lp150.2.3.1","python3-rgw":"13.2.4.125+gad802694f5-lp150.2.3.1","rados-objclass-devel":"13.2.4.125+gad802694f5-lp150.2.3.1","rbd-fuse":"13.2.4.125+gad802694f5-lp150.2.3.1","rbd-mirror":"13.2.4.125+gad802694f5-lp150.2.3.1","rbd-nbd":"13.2.4.125+gad802694f5-lp150.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"ceph-test","purl":"pkg:rpm/opensuse/ceph-test&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"13.2.4.125+gad802694f5-lp150.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ceph version 13.2.4 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety (bsc#1111177)\n- CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon (bsc#1099162)\n- CVE-2018-1128: Fixed signature check bypass in cephx (bsc#1096748)\n- CVE-2018-1129: Fixed replay attack in cephx protocol (bsc#1096748)\n- CVE-2018-16846: Enforced bounds on max-keys/max-uploads/max-parts in rgw (bsc#1114710)\n\nNon-security issues fixed:\n\n- ceph-volume Python 3 fixes (bsc#1114567)\n- Fixed python3 module loading (bsc#1086613)\n- Fixed an issue where ceph build fails (bsc#1084645)\n- ceph's SPDK builds with march=native (bsc#1101262)\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:1284-1","modified":"2019-04-27T15:48:20Z","published":"2019-04-27T15:48:20Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3PBU365BKTDZHLKZL2NDWGZPNQHYX4IW/#3PBU365BKTDZHLKZL2NDWGZPNQHYX4IW"},{"type":"REPORT","url":"https://bugzilla.suse.com/1084645"},{"type":"REPORT","url":"https://bugzilla.suse.com/1086613"},{"type":"REPORT","url":"https://bugzilla.suse.com/1096748"},{"type":"REPORT","url":"https://bugzilla.suse.com/1099162"},{"type":"REPORT","url":"https://bugzilla.suse.com/1101262"},{"type":"REPORT","url":"https://bugzilla.suse.com/1111177"},{"type":"REPORT","url":"https://bugzilla.suse.com/1114567"},{"type":"REPORT","url":"https://bugzilla.suse.com/1114710"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10861"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1128"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1129"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14662"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16846"}],"related":["CVE-2018-10861","CVE-2018-1128","CVE-2018-1129","CVE-2018-14662","CVE-2018-16846"],"summary":"Security update for ceph","upstream":["CVE-2018-10861","CVE-2018-1128","CVE-2018-1129","CVE-2018-14662","CVE-2018-16846"]}