Security update for ceph
This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177)
- CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710)
- CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567)
Non-security issue fixed:
- os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
-
Submitted by
Nathan Cutler (smithfarm)
Fixed bugs
bnc#1113246
OSDs failing due to stupidalloc 0x0x559961d8b180 dump
bnc#1111177
VUL-1: CVE-2018-14662: ceph: LUKS "config-key" safety issue
bnc#1114710
VUL-0: CVE-2018-16846: ceph: RGW sec vuln: max-keys
bnc#1121567
VUL-0: CVE-2018-16889: ceph: properly sanitize encryption keys in debug logging for v4 auth
