
Test ID: 1.3.6.1.4.1.25623.1.1.4.2021.1473.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2021:1473-1)
Summary: The remote host is missing an update for the 'ceph' package(s) announced via the SUSE-SU-2021:1473-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'ceph' package(s) announced via the SUSE-SU-2021:1473-1 advisory.

Vulnerability Insight:
This update for ceph fixes the following issues:

ceph was updated to 14.2.20-402-g6aa76c6815:
* CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).
* CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905).
* CVE-2020-27839: Use secure cookies to store JWT Token (bsc#1179997).
* mgr/dashboard: prometheus alerting: add some leeway for package drops and errors (bsc#1145463)
* mon: have 'mon stat' output json as well (bsc#1174466)
* rpm: ceph-mgr-dashboard recommends python3-saml on SUSE (bsc#1177200)
* mgr/dashboard: Display a warning message in Dashboard when debug mode is enabled (bsc#1178235)
* rgw: cls/user: set from_index for reset stats calls (bsc#1178837)
* mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860)
* bluestore: provide a different name for fallback allocator (bsc#1180118)
* test/run-cli-tests: use cram from github (bsc#1181378)
* mgr/dashboard: fix 'Python2 Cookie module import fails on Python3' (bsc#1183487)
* common: make ms_bind_msgr2 default to 'false' (bsc#1180594)

Affected Software/OS:
'ceph' package(s) on SUSE Manager Server 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Proxy 4.0, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Enterprise Storage 6, SUSE CaaS Platform 4.0

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2020-25678
Common Vulnerability Exposure (CVE) ID: CVE-2020-27839
Common Vulnerability Exposure (CVE) ID: CVE-2021-20288

Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.