Security update for ceph SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:1747-1 Final 1 1 2020-06-25T13:06:55Z current 2020-06-25T13:06:55Z 2020-06-25T13:06:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ceph This update for ceph fixes the following issues: - CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag (bsc#1171921). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container caasp/v4/hyperkube:v1.17.17-2020-1747,SUSE-2020-1747,SUSE-SLE-Module-Basesystem-15-SP1-2020-1747,SUSE-Storage-6-2020-1747 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20201747-1/ Link for SUSE-SU-2020:1747-1 https://lists.suse.com/pipermail/sle-security-updates/2020-June/007030.html E-Mail link for SUSE-SU-2020:1747-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1171921 SUSE Bug 1171921 https://www.suse.com/security/cve/CVE-2020-10753/ SUSE CVE CVE-2020-10753 page Container caasp/v4/hyperkube:v1.17.17 SUSE Enterprise Storage 6 SUSE Linux Enterprise Module for Basesystem 15 SP1 ceph-common-14.2.9.970+ged84cae0c9-3.41.1 libcephfs2-14.2.9.970+ged84cae0c9-3.41.1 librados2-14.2.9.970+ged84cae0c9-3.41.1 librbd1-14.2.9.970+ged84cae0c9-3.41.1 librgw2-14.2.9.970+ged84cae0c9-3.41.1 python3-ceph-argparse-14.2.9.970+ged84cae0c9-3.41.1 python3-cephfs-14.2.9.970+ged84cae0c9-3.41.1 python3-rados-14.2.9.970+ged84cae0c9-3.41.1 python3-rbd-14.2.9.970+ged84cae0c9-3.41.1 python3-rgw-14.2.9.970+ged84cae0c9-3.41.1 ceph-14.2.9.970+ged84cae0c9-3.41.1 ceph-base-14.2.9.970+ged84cae0c9-3.41.1 ceph-dashboard-e2e-14.2.9.970+ged84cae0c9-3.41.1 ceph-fuse-14.2.9.970+ged84cae0c9-3.41.1 ceph-grafana-dashboards-14.2.9.970+ged84cae0c9-3.41.1 ceph-mds-14.2.9.970+ged84cae0c9-3.41.1 ceph-mgr-14.2.9.970+ged84cae0c9-3.41.1 ceph-mgr-dashboard-14.2.9.970+ged84cae0c9-3.41.1 ceph-mgr-diskprediction-cloud-14.2.9.970+ged84cae0c9-3.41.1 ceph-mgr-diskprediction-local-14.2.9.970+ged84cae0c9-3.41.1 ceph-mgr-k8sevents-14.2.9.970+ged84cae0c9-3.41.1 ceph-mgr-rook-14.2.9.970+ged84cae0c9-3.41.1 ceph-mgr-ssh-14.2.9.970+ged84cae0c9-3.41.1 ceph-mon-14.2.9.970+ged84cae0c9-3.41.1 ceph-osd-14.2.9.970+ged84cae0c9-3.41.1 ceph-prometheus-alerts-14.2.9.970+ged84cae0c9-3.41.1 ceph-radosgw-14.2.9.970+ged84cae0c9-3.41.1 ceph-test-14.2.9.970+ged84cae0c9-3.41.1 cephfs-shell-14.2.9.970+ged84cae0c9-3.41.1 libcephfs-devel-14.2.9.970+ged84cae0c9-3.41.1 librados-devel-14.2.9.970+ged84cae0c9-3.41.1 libradospp-devel-14.2.9.970+ged84cae0c9-3.41.1 librbd-devel-14.2.9.970+ged84cae0c9-3.41.1 librgw-devel-14.2.9.970+ged84cae0c9-3.41.1 rados-objclass-devel-14.2.9.970+ged84cae0c9-3.41.1 rbd-fuse-14.2.9.970+ged84cae0c9-3.41.1 rbd-mirror-14.2.9.970+ged84cae0c9-3.41.1 rbd-nbd-14.2.9.970+ged84cae0c9-3.41.1 ceph-common-14.2.9.970+ged84cae0c9-3.41.1 as a component of Container caasp/v4/hyperkube:v1.17.17 libcephfs2-14.2.9.970+ged84cae0c9-3.41.1 as a component of Container caasp/v4/hyperkube:v1.17.17 librados2-14.2.9.970+ged84cae0c9-3.41.1 as a component of Container caasp/v4/hyperkube:v1.17.17 librbd1-14.2.9.970+ged84cae0c9-3.41.1 as a component of Container caasp/v4/hyperkube:v1.17.17 librgw2-14.2.9.970+ged84cae0c9-3.41.1 as a component of Container caasp/v4/hyperkube:v1.17.17 python3-ceph-argparse-14.2.9.970+ged84cae0c9-3.41.1 as a component of Container caasp/v4/hyperkube:v1.17.17 python3-cephfs-14.2.9.970+ged84cae0c9-3.41.1 as a component of Container caasp/v4/hyperkube:v1.17.17 python3-rados-14.2.9.970+ged84cae0c9-3.41.1 as a component of Container caasp/v4/hyperkube:v1.17.17 python3-rbd-14.2.9.970+ged84cae0c9-3.41.1 as a component of Container caasp/v4/hyperkube:v1.17.17 python3-rgw-14.2.9.970+ged84cae0c9-3.41.1 as a component of Container caasp/v4/hyperkube:v1.17.17 ceph-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-base-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-common-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-fuse-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-grafana-dashboards-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-mds-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-mgr-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-mgr-dashboard-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-mgr-diskprediction-local-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-mgr-rook-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-mon-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-osd-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-prometheus-alerts-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-radosgw-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 cephfs-shell-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 libcephfs2-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 librados2-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 librbd1-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 librgw2-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 python3-ceph-argparse-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 python3-cephfs-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 python3-rados-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 python3-rbd-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 python3-rgw-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 rbd-fuse-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 rbd-mirror-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 rbd-nbd-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Enterprise Storage 6 ceph-common-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 libcephfs-devel-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 libcephfs2-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 librados-devel-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 librados2-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 libradospp-devel-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 librbd-devel-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 librbd1-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 librgw-devel-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 librgw2-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 python3-ceph-argparse-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 python3-cephfs-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 python3-rados-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 python3-rbd-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 python3-rgw-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 rados-objclass-devel-14.2.9.970+ged84cae0c9-3.41.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. CVE-2020-10753 Container caasp/v4/hyperkube:v1.17.17:ceph-common-14.2.9.970+ged84cae0c9-3.41.1 Container caasp/v4/hyperkube:v1.17.17:libcephfs2-14.2.9.970+ged84cae0c9-3.41.1 Container caasp/v4/hyperkube:v1.17.17:librados2-14.2.9.970+ged84cae0c9-3.41.1 Container caasp/v4/hyperkube:v1.17.17:librbd1-14.2.9.970+ged84cae0c9-3.41.1 Container caasp/v4/hyperkube:v1.17.17:librgw2-14.2.9.970+ged84cae0c9-3.41.1 Container caasp/v4/hyperkube:v1.17.17:python3-ceph-argparse-14.2.9.970+ged84cae0c9-3.41.1 Container caasp/v4/hyperkube:v1.17.17:python3-cephfs-14.2.9.970+ged84cae0c9-3.41.1 Container caasp/v4/hyperkube:v1.17.17:python3-rados-14.2.9.970+ged84cae0c9-3.41.1 Container caasp/v4/hyperkube:v1.17.17:python3-rbd-14.2.9.970+ged84cae0c9-3.41.1 Container caasp/v4/hyperkube:v1.17.17:python3-rgw-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-base-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-common-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-fuse-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-grafana-dashboards-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-mds-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-mgr-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-mgr-dashboard-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-mgr-diskprediction-local-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-mgr-rook-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-mon-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-osd-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-prometheus-alerts-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:ceph-radosgw-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:cephfs-shell-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:libcephfs2-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:librados2-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:librbd1-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:librgw2-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:python3-ceph-argparse-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:python3-cephfs-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:python3-rados-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:python3-rbd-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:python3-rgw-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:rbd-fuse-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:rbd-mirror-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6:rbd-nbd-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:ceph-common-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libcephfs-devel-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libcephfs2-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:librados-devel-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:librados2-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:libradospp-devel-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:librbd-devel-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:librbd1-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:librgw-devel-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:librgw2-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:python3-ceph-argparse-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:python3-cephfs-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:python3-rados-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:python3-rbd-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:python3-rgw-14.2.9.970+ged84cae0c9-3.41.1 SUSE Linux Enterprise Module for Basesystem 15 SP1:rados-objclass-devel-14.2.9.970+ged84cae0c9-3.41.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20201747-1/ https://www.suse.com/security/cve/CVE-2020-10753.html CVE-2020-10753 https://bugzilla.suse.com/1171921 SUSE Bug 1171921