Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1128 (GCVE-0-2018-1128)
Vulnerability from cvelistv5 – Published: 2018-07-10 14:00 – Updated: 2024-09-16 20:27
VLAI
EPSS
Summary
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Severity
No CVSS data available.
CWE
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2261 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2177 | vendor-advisoryx_refsource_REDHAT |
| https://github.com/ceph/ceph/commit/5ead97120e070… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:2179 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2274 | vendor-advisoryx_refsource_REDHAT |
| https://www.debian.org/security/2018/dsa-4339 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| http://tracker.ceph.com/issues/24836 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1575866 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2020/11/17/3 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2020/11/17/4 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat, Inc. | ceph |
Affected:
All versions in branches master, mimic, luminous and jewel
|
Date Public
2018-07-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468"
},
{
"name": "RHSA-2018:2179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.ceph.com/issues/24836"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575866"
},
{
"name": "openSUSE-SU-2019:1284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"name": "[oss-security] 20201117 CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/3"
},
{
"name": "[oss-security] 20201117 Re: CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions in branches master, mimic, luminous and jewel"
}
]
}
],
"datePublic": "2018-07-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-17T18:06:22.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468"
},
{
"name": "RHSA-2018:2179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.ceph.com/issues/24836"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575866"
},
{
"name": "openSUSE-SU-2019:1284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"name": "[oss-security] 20201117 CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/3"
},
{
"name": "[oss-security] 20201117 Re: CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-07-09T00:00:00",
"ID": "CVE-2018-1128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ceph",
"version": {
"version_data": [
{
"version_value": "All versions in branches master, mimic, luminous and jewel"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2261",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name": "https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468",
"refsource": "CONFIRM",
"url": "https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468"
},
{
"name": "RHSA-2018:2179",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "DSA-4339",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "http://tracker.ceph.com/issues/24836",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/24836"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1575866",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575866"
},
{
"name": "openSUSE-SU-2019:1284",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"name": "[oss-security] 20201117 CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/3"
},
{
"name": "[oss-security] 20201117 Re: CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1128",
"datePublished": "2018-07-10T14:00:00.000Z",
"dateReserved": "2017-12-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:27:12.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-1128",
"date": "2026-05-30",
"epss": "0.01038",
"percentile": "0.77711"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-1128\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-07-10T14:29:00.370\",\"lastModified\":\"2024-11-21T03:59:14.563\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto que el protocolo de autenticaci\u00f3n cephx no verificaba correctamente los clientes ceph y era vulnerable a ataques de reproducci\u00f3n. Cualquier atacante que tenga acceso a la red de cl\u00fasters de ceph y que pueda rastrear paquetes en la red puede emplear esta vulnerabilidad para autenticarse con el servicio ceph y realizar acciones permitidas por el servicio ceph. Se cree que las ramas de ceph master, mimic, luminous y jewel son vulnerables.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":5.4,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":5.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-294\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage:3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9184616-421F-4EA9-AC1A-A4C95BBAAC99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage_mon:2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C2EBAD9-F0D5-4176-9C4D-001B230E699E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage_mon:3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD2F9BA8-FE0A-43DE-A756-C35A24C3D96E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage_osd:2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA5F5227-DBDA-4C01-BF7C-4D53F455404F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage_osd:3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A80BACB5-7A56-4BC6-9261-58A3860F4E8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.2.0\",\"versionEndIncluding\":\"13.2.1\",\"matchCriteriaId\":\"1E50612E-0E8A-4CCE-91DB-502079B9540C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://tracker.ceph.com/issues/24836\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/11/17/3\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/11/17/4\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2177\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2179\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2261\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2274\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1575866\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4339\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://tracker.ceph.com/issues/24836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/11/17/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/11/17/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2177\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2261\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1575866\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4339\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2018-AVI-448
Vulnerability from certfr_avis - Published: 2018-09-21 - Updated: 2018-09-21
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE . Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP3 | ||
| SUSE | N/A | SUSE CaaS Platform 3.0 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP3 | ||
| SUSE | N/A | SUSE CaaS Platform ALL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP3 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Desktop 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform ALL",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-16658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
},
{
"name": "CVE-2018-10883",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10883"
},
{
"name": "CVE-2018-10902",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
},
{
"name": "CVE-2018-10879",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10879"
},
{
"name": "CVE-2018-10880",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10880"
},
{
"name": "CVE-2018-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10878"
},
{
"name": "CVE-2018-6554",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
},
{
"name": "CVE-2018-13093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
},
{
"name": "CVE-2018-10881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10881"
},
{
"name": "CVE-2018-12896",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12896"
},
{
"name": "CVE-2018-13094",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13094"
},
{
"name": "CVE-2018-6555",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6555"
},
{
"name": "CVE-2018-15572",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
},
{
"name": "CVE-2018-1128",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
},
{
"name": "CVE-2018-10877",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10877"
},
{
"name": "CVE-2018-13095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13095"
},
{
"name": "CVE-2018-10882",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10882"
},
{
"name": "CVE-2018-10876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10876"
},
{
"name": "CVE-2018-9363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
},
{
"name": "CVE-2018-1129",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
},
{
"name": "CVE-2018-10938",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
}
],
"initial_release_date": "2018-09-21T00:00:00",
"last_revision_date": "2018-09-21T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-448",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182776-1 du 20 septembre 2018",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182776-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182775-1 du 20 septembre 2018",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182775-1/"
}
]
}
CERTFR-2018-AVI-456
Vulnerability from certfr_avis - Published: 2018-09-26 - Updated: 2018-09-26
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-LTSS | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server pour SAP 12-SP2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server pour SAP 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-16658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
},
{
"name": "CVE-2018-10883",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10883"
},
{
"name": "CVE-2018-10902",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
},
{
"name": "CVE-2018-10879",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10879"
},
{
"name": "CVE-2018-10880",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10880"
},
{
"name": "CVE-2018-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10878"
},
{
"name": "CVE-2018-6554",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
},
{
"name": "CVE-2018-13093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
},
{
"name": "CVE-2018-10881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10881"
},
{
"name": "CVE-2018-12896",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12896"
},
{
"name": "CVE-2018-13094",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13094"
},
{
"name": "CVE-2018-6555",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6555"
},
{
"name": "CVE-2018-15572",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
},
{
"name": "CVE-2018-1128",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
},
{
"name": "CVE-2018-1000026",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000026"
},
{
"name": "CVE-2018-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5390"
},
{
"name": "CVE-2018-10877",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10877"
},
{
"name": "CVE-2018-13095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13095"
},
{
"name": "CVE-2018-10882",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10882"
},
{
"name": "CVE-2018-10876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10876"
},
{
"name": "CVE-2018-10940",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10940"
},
{
"name": "CVE-2018-9363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
},
{
"name": "CVE-2018-1129",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
},
{
"name": "CVE-2018-10938",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
}
],
"initial_release_date": "2018-09-26T00:00:00",
"last_revision_date": "2018-09-26T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-456",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:2858-1 du 25 septembre 2018",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182858-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:2862-1 du 25 septembre 2018",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182862-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:2864-1 du 25 septembre 2018",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182864-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:2860-1 du 25 septembre 2018",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182860-1/"
}
]
}
CERTFR-2018-AVI-466
Vulnerability from certfr_avis - Published: 2018-10-03 - Updated: 2018-10-03
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module pour Live Patching 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Module pour Basesystem 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Module pour Legacy Software 15 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Module pour Development Tools 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module pour Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module pour Basesystem 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module pour Legacy Software 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module pour Development Tools 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-16658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
},
{
"name": "CVE-2018-6554",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
},
{
"name": "CVE-2018-13093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
},
{
"name": "CVE-2018-14613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14613"
},
{
"name": "CVE-2018-12896",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12896"
},
{
"name": "CVE-2018-13094",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13094"
},
{
"name": "CVE-2018-6555",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6555"
},
{
"name": "CVE-2018-1128",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
},
{
"name": "CVE-2018-14617",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
},
{
"name": "CVE-2018-13095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13095"
},
{
"name": "CVE-2018-10940",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10940"
},
{
"name": "CVE-2018-1129",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
},
{
"name": "CVE-2018-10938",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
}
],
"initial_release_date": "2018-10-03T00:00:00",
"last_revision_date": "2018-10-03T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-466",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-10-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:2981-1 du 2 octobre 2018",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182981-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:2980-1 du 2 octobre 2018",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182980-1/"
}
]
}
CERTFR-2018-AVI-580
Vulnerability from certfr_avis - Published: 2018-12-03 - Updated: 2018-12-03
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module pour Public Cloud 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-18710",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18710"
},
{
"name": "CVE-2018-16658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
},
{
"name": "CVE-2018-10902",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
},
{
"name": "CVE-2017-18224",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18224"
},
{
"name": "CVE-2018-6554",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
},
{
"name": "CVE-2018-13093",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
},
{
"name": "CVE-2018-14613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14613"
},
{
"name": "CVE-2018-12896",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12896"
},
{
"name": "CVE-2018-17182",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17182"
},
{
"name": "CVE-2018-6555",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6555"
},
{
"name": "CVE-2018-15572",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
},
{
"name": "CVE-2018-1128",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
},
{
"name": "CVE-2018-18445",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18445"
},
{
"name": "CVE-2018-14617",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
},
{
"name": "CVE-2018-14633",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
},
{
"name": "CVE-2018-13095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13095"
},
{
"name": "CVE-2018-10940",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10940"
},
{
"name": "CVE-2018-9363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
},
{
"name": "CVE-2018-1129",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
},
{
"name": "CVE-2018-10938",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
},
{
"name": "CVE-2017-16533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16533"
},
{
"name": "CVE-2018-18386",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18386"
}
],
"initial_release_date": "2018-12-03T00:00:00",
"last_revision_date": "2018-12-03T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-580",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-12-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:3961-1 du 30 novembre 2018",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183961-1/"
}
]
}
CERTFR-2019-AVI-233
Vulnerability from certfr_avis - Published: 2019-05-20 - Updated: 2019-05-20
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module pour Public Cloud 12 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server pour SAP 12-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP2 | ||
| SUSE | N/A | OpenStack Cloud Magnum Orchestration 7 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP1-LTSS | ||
| SUSE | N/A | SUSE OpenStack Cloud 7 | ||
| SUSE | N/A | SUSE Enterprise Storage 4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server pour SAP 12-SP2 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module pour Public Cloud 12",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server pour SAP 12-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "OpenStack Cloud Magnum Orchestration 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server pour SAP 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-18710",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18710"
},
{
"name": "CVE-2019-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
},
{
"name": "CVE-2018-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
},
{
"name": "CVE-2017-7472",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7472"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2018-19407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19407"
},
{
"name": "CVE-2018-9568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-8564",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8564"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2017-1000407",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000407"
},
{
"name": "CVE-2019-9213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
},
{
"name": "CVE-2017-7273",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7273"
},
{
"name": "CVE-2018-18281",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18281"
},
{
"name": "CVE-2018-15572",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2018-18690",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18690"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-1128",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
},
{
"name": "CVE-2016-10741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10741"
},
{
"name": "CVE-2018-14633",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
},
{
"name": "CVE-2018-1091",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1091"
},
{
"name": "CVE-2018-1120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1120"
},
{
"name": "CVE-2017-18174",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18174"
},
{
"name": "CVE-2018-16884",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16884"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2018-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
},
{
"name": "CVE-2019-3460",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3460"
},
{
"name": "CVE-2019-11486",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11486"
},
{
"name": "CVE-2018-19824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19824"
},
{
"name": "CVE-2019-3882",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3882"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
},
{
"name": "CVE-2018-1129",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
},
{
"name": "CVE-2019-7222",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7222"
},
{
"name": "CVE-2017-16533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16533"
},
{
"name": "CVE-2016-8636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8636"
},
{
"name": "CVE-2018-18386",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18386"
},
{
"name": "CVE-2017-17741",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17741"
},
{
"name": "CVE-2019-3459",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3459"
}
],
"initial_release_date": "2019-05-20T00:00:00",
"last_revision_date": "2019-05-20T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-233",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:1287-1 du 17 mai 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191287-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:1289-1 du 17 mai 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191289-1/"
}
]
}
Title
Red Hat Ceph设计漏洞
Description
Red Hat Ceph是美国红帽(Red Hat)公司的一套Linux PB级分布式文件系统。该系统的主要目标是设计成基于POSIX(可移植操作系统接口)的没有单点故障的分布式文件系统,使数据能容错和无缝的复制。Ceph branches master、mimic、luminous和jewel都是不同的Ceph版本。
Red Hat Ceph中存在安全漏洞,该漏洞源于cephx身份验证协议未能正确的验证ceph客户。攻击者可利用该漏洞执行ceph服务所允许的操作。
Severity
中
Patch Name
Red Hat Ceph设计漏洞的补丁
Patch Description
Red Hat Ceph是美国红帽(Red Hat)公司的一套Linux PB级分布式文件系统。该系统的主要目标是设计成基于POSIX(可移植操作系统接口)的没有单点故障的分布式文件系统,使数据能容错和无缝的复制。Ceph branches master、mimic、luminous和jewel都是不同的Ceph版本。
Red Hat Ceph中存在安全漏洞,该漏洞源于cephx身份验证协议未能正确的验证ceph客户。攻击者可利用该漏洞执行ceph服务所允许的操作。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: http://tracker.ceph.com/issues/24836
Reference
http://tracker.ceph.com/issues/24836
https://bugzilla.redhat.com/show_bug.cgi?id=1575866
https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
Impacted products
| Name | Red Hat Ceph |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-1128"
}
},
"description": "Red Hat Ceph\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957Linux PB\u7ea7\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u7684\u4e3b\u8981\u76ee\u6807\u662f\u8bbe\u8ba1\u6210\u57fa\u4e8ePOSIX\uff08\u53ef\u79fb\u690d\u64cd\u4f5c\u7cfb\u7edf\u63a5\u53e3\uff09\u7684\u6ca1\u6709\u5355\u70b9\u6545\u969c\u7684\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\uff0c\u4f7f\u6570\u636e\u80fd\u5bb9\u9519\u548c\u65e0\u7f1d\u7684\u590d\u5236\u3002Ceph branches master\u3001mimic\u3001luminous\u548cjewel\u90fd\u662f\u4e0d\u540c\u7684Ceph\u7248\u672c\u3002\r\n\r\nRed Hat Ceph\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ecephx\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u672a\u80fd\u6b63\u786e\u7684\u9a8c\u8bc1ceph\u5ba2\u6237\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884cceph\u670d\u52a1\u6240\u5141\u8bb8\u7684\u64cd\u4f5c\u3002",
"discovererName": "Red Hat",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://tracker.ceph.com/issues/24836",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-17721",
"openTime": "2018-09-06",
"patchDescription": "Red Hat Ceph\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957Linux PB\u7ea7\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u7684\u4e3b\u8981\u76ee\u6807\u662f\u8bbe\u8ba1\u6210\u57fa\u4e8ePOSIX\uff08\u53ef\u79fb\u690d\u64cd\u4f5c\u7cfb\u7edf\u63a5\u53e3\uff09\u7684\u6ca1\u6709\u5355\u70b9\u6545\u969c\u7684\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\uff0c\u4f7f\u6570\u636e\u80fd\u5bb9\u9519\u548c\u65e0\u7f1d\u7684\u590d\u5236\u3002Ceph branches master\u3001mimic\u3001luminous\u548cjewel\u90fd\u662f\u4e0d\u540c\u7684Ceph\u7248\u672c\u3002\r\n\r\nRed Hat Ceph\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ecephx\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u672a\u80fd\u6b63\u786e\u7684\u9a8c\u8bc1ceph\u5ba2\u6237\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884cceph\u670d\u52a1\u6240\u5141\u8bb8\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Red Hat Ceph\u8bbe\u8ba1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Red Hat Ceph"
},
"referenceLink": "http://tracker.ceph.com/issues/24836\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1575866\r\nhttps://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468",
"serverity": "\u4e2d",
"submitTime": "2018-07-12",
"title": "Red Hat Ceph\u8bbe\u8ba1\u6f0f\u6d1e"
}
FKIE_CVE-2018-1128
Vulnerability from fkie_nvd - Published: 2018-07-10 14:29 - Updated: 2024-11-21 03:59
Severity
Summary
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ceph_storage | 3 | |
| redhat | ceph_storage_mon | 2 | |
| redhat | ceph_storage_mon | 3 | |
| redhat | ceph_storage_osd | 2 | |
| redhat | ceph_storage_osd | 3 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| redhat | ceph | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| opensuse | leap | 15.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:3:*:*:*:*:*:*:*",
"matchCriteriaId": "E9184616-421F-4EA9-AC1A-A4C95BBAAC99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage_mon:2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C2EBAD9-F0D5-4176-9C4D-001B230E699E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage_mon:3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2F9BA8-FE0A-43DE-A756-C35A24C3D96E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage_osd:2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5F5227-DBDA-4C01-BF7C-4D53F455404F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage_osd:3:*:*:*:*:*:*:*",
"matchCriteriaId": "A80BACB5-7A56-4BC6-9261-58A3860F4E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E50612E-0E8A-4CCE-91DB-502079B9540C",
"versionEndIncluding": "13.2.1",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
},
{
"lang": "es",
"value": "Se ha descubierto que el protocolo de autenticaci\u00f3n cephx no verificaba correctamente los clientes ceph y era vulnerable a ataques de reproducci\u00f3n. Cualquier atacante que tenga acceso a la red de cl\u00fasters de ceph y que pueda rastrear paquetes en la red puede emplear esta vulnerabilidad para autenticarse con el servicio ceph y realizar acciones permitidas por el servicio ceph. Se cree que las ramas de ceph master, mimic, luminous y jewel son vulnerables."
}
],
"id": "CVE-2018-1128",
"lastModified": "2024-11-21T03:59:14.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-10T14:29:00.370",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://tracker.ceph.com/issues/24836"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575866"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://tracker.ceph.com/issues/24836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-294"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-XW3F-9QFW-V43F
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13
VLAI
Details
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2018-1128"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-10T14:29:00Z",
"severity": "HIGH"
},
"details": "It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.",
"id": "GHSA-xw3f-9qfw-v43f",
"modified": "2022-05-13T01:13:27Z",
"published": "2022-05-13T01:13:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1128"
},
{
"type": "WEB",
"url": "https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575866"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"type": "WEB",
"url": "http://tracker.ceph.com/issues/24836"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-1128
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-1128",
"description": "It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.",
"id": "GSD-2018-1128",
"references": [
"https://www.suse.com/security/cve/CVE-2018-1128.html",
"https://www.debian.org/security/2018/dsa-4339",
"https://access.redhat.com/errata/RHSA-2018:2274",
"https://access.redhat.com/errata/RHSA-2018:2261",
"https://access.redhat.com/errata/RHSA-2018:2179",
"https://access.redhat.com/errata/RHSA-2018:2177",
"https://advisories.mageia.org/CVE-2018-1128.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-1128"
],
"details": "It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.",
"id": "GSD-2018-1128",
"modified": "2023-12-13T01:22:36.938092Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-07-09T00:00:00",
"ID": "CVE-2018-1128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ceph",
"version": {
"version_data": [
{
"version_value": "All versions in branches master, mimic, luminous and jewel"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2261",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name": "https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468",
"refsource": "CONFIRM",
"url": "https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468"
},
{
"name": "RHSA-2018:2179",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "DSA-4339",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "http://tracker.ceph.com/issues/24836",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/24836"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1575866",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575866"
},
{
"name": "openSUSE-SU-2019:1284",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"name": "[oss-security] 20201117 CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/3"
},
{
"name": "[oss-security] 20201117 Re: CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/4"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:ceph_storage_mon:2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:ceph_storage_osd:2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:ceph_storage_osd:3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:ceph_storage:3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:ceph_storage_mon:3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.2.1",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1128"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1575866",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575866"
},
{
"name": "http://tracker.ceph.com/issues/24836",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://tracker.ceph.com/issues/24836"
},
{
"name": "RHSA-2018:2179",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2177",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name": "RHSA-2018:2274",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "RHSA-2018:2261",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "DSA-4339",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "openSUSE-SU-2019:1284",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"name": "[oss-security] 20201117 CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/3"
},
{
"name": "[oss-security] 20201117 Re: CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2020/11/17/4"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-11-17T19:15Z",
"publishedDate": "2018-07-10T14:29Z"
}
}
}
OPENSUSE-SU-2019:1284-1
Vulnerability from csaf_opensuse - Published: 2019-04-27 15:48 - Updated: 2019-04-27 15:48Summary
Security update for ceph
Severity
Moderate
Notes
Title of the patch: Security update for ceph
Description of the patch: This update for ceph version 13.2.4 fixes the following issues:
Security issues fixed:
- CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety (bsc#1111177)
- CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon (bsc#1099162)
- CVE-2018-1128: Fixed signature check bypass in cephx (bsc#1096748)
- CVE-2018-1129: Fixed replay attack in cephx protocol (bsc#1096748)
- CVE-2018-16846: Enforced bounds on max-keys/max-uploads/max-parts in rgw (bsc#1114710)
Non-security issues fixed:
- ceph-volume Python 3 fixes (bsc#1114567)
- Fixed python3 module loading (bsc#1086613)
- Fixed an issue where ceph build fails (bsc#1084645)
- ceph's SPDK builds with march=native (bsc#1101262)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1284
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.3 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
6.5 (Medium)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ceph",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ceph version 13.2.4 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-14662: Fixed an issue with LUKS \u0027config-key\u0027 safety (bsc#1111177)\n- CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon (bsc#1099162)\n- CVE-2018-1128: Fixed signature check bypass in cephx (bsc#1096748)\n- CVE-2018-1129: Fixed replay attack in cephx protocol (bsc#1096748)\n- CVE-2018-16846: Enforced bounds on max-keys/max-uploads/max-parts in rgw (bsc#1114710)\n\nNon-security issues fixed:\n\n- ceph-volume Python 3 fixes (bsc#1114567)\n- Fixed python3 module loading (bsc#1086613)\n- Fixed an issue where ceph build fails (bsc#1084645)\n- ceph\u0027s SPDK builds with march=native (bsc#1101262)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1284",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1284-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1284-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3PBU365BKTDZHLKZL2NDWGZPNQHYX4IW/#3PBU365BKTDZHLKZL2NDWGZPNQHYX4IW"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1284-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3PBU365BKTDZHLKZL2NDWGZPNQHYX4IW/#3PBU365BKTDZHLKZL2NDWGZPNQHYX4IW"
},
{
"category": "self",
"summary": "SUSE Bug 1084645",
"url": "https://bugzilla.suse.com/1084645"
},
{
"category": "self",
"summary": "SUSE Bug 1086613",
"url": "https://bugzilla.suse.com/1086613"
},
{
"category": "self",
"summary": "SUSE Bug 1096748",
"url": "https://bugzilla.suse.com/1096748"
},
{
"category": "self",
"summary": "SUSE Bug 1099162",
"url": "https://bugzilla.suse.com/1099162"
},
{
"category": "self",
"summary": "SUSE Bug 1101262",
"url": "https://bugzilla.suse.com/1101262"
},
{
"category": "self",
"summary": "SUSE Bug 1111177",
"url": "https://bugzilla.suse.com/1111177"
},
{
"category": "self",
"summary": "SUSE Bug 1114567",
"url": "https://bugzilla.suse.com/1114567"
},
{
"category": "self",
"summary": "SUSE Bug 1114710",
"url": "https://bugzilla.suse.com/1114710"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10861 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1128 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1129 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14662 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16846 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16846/"
}
],
"title": "Security update for ceph",
"tracking": {
"current_release_date": "2019-04-27T15:48:20Z",
"generator": {
"date": "2019-04-27T15:48:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1284-1",
"initial_release_date": "2019-04-27T15:48:20Z",
"revision_history": [
{
"date": "2019-04-27T15:48:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product": {
"name": "rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"product_id": "rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
},
"product_reference": "rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10861"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10861",
"url": "https://www.suse.com/security/cve/CVE-2018-10861"
},
{
"category": "external",
"summary": "SUSE Bug 1099162 for CVE-2018-10861",
"url": "https://bugzilla.suse.com/1099162"
},
{
"category": "external",
"summary": "SUSE Bug 1114710 for CVE-2018-10861",
"url": "https://bugzilla.suse.com/1114710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T15:48:20Z",
"details": "important"
}
],
"title": "CVE-2018-10861"
},
{
"cve": "CVE-2018-1128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1128"
}
],
"notes": [
{
"category": "general",
"text": "It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1128",
"url": "https://www.suse.com/security/cve/CVE-2018-1128"
},
{
"category": "external",
"summary": "SUSE Bug 1096748 for CVE-2018-1128",
"url": "https://bugzilla.suse.com/1096748"
},
{
"category": "external",
"summary": "SUSE Bug 1114710 for CVE-2018-1128",
"url": "https://bugzilla.suse.com/1114710"
},
{
"category": "external",
"summary": "SUSE Bug 1177843 for CVE-2018-1128",
"url": "https://bugzilla.suse.com/1177843"
},
{
"category": "external",
"summary": "SUSE Bug 1177859 for CVE-2018-1128",
"url": "https://bugzilla.suse.com/1177859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T15:48:20Z",
"details": "important"
}
],
"title": "CVE-2018-1128"
},
{
"cve": "CVE-2018-1129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1129"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1129",
"url": "https://www.suse.com/security/cve/CVE-2018-1129"
},
{
"category": "external",
"summary": "SUSE Bug 1096748 for CVE-2018-1129",
"url": "https://bugzilla.suse.com/1096748"
},
{
"category": "external",
"summary": "SUSE Bug 1114710 for CVE-2018-1129",
"url": "https://bugzilla.suse.com/1114710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T15:48:20Z",
"details": "important"
}
],
"title": "CVE-2018-1129"
},
{
"cve": "CVE-2018-14662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14662"
}
],
"notes": [
{
"category": "general",
"text": "It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14662",
"url": "https://www.suse.com/security/cve/CVE-2018-14662"
},
{
"category": "external",
"summary": "SUSE Bug 1111177 for CVE-2018-14662",
"url": "https://bugzilla.suse.com/1111177"
},
{
"category": "external",
"summary": "SUSE Bug 1114710 for CVE-2018-14662",
"url": "https://bugzilla.suse.com/1114710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 1.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T15:48:20Z",
"details": "low"
}
],
"title": "CVE-2018-14662"
},
{
"cve": "CVE-2018-16846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16846"
}
],
"notes": [
{
"category": "general",
"text": "It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16846",
"url": "https://www.suse.com/security/cve/CVE-2018-16846"
},
{
"category": "external",
"summary": "SUSE Bug 1114710 for CVE-2018-16846",
"url": "https://bugzilla.suse.com/1114710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:ceph-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-base-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-common-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mds-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mgr-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-mon-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-osd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-radosgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-resource-agents-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libcephfs2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librados2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:libradosstriper1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librbd1-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:librgw2-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-cephfs-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rados-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:python3-rgw-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rados-objclass-devel-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-fuse-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-mirror-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:rbd-nbd-13.2.4.125+gad802694f5-lp150.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T15:48:20Z",
"details": "moderate"
}
],
"title": "CVE-2018-16846"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…