An update for ceph is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1009 Final 1.0 1.0 2021-02-04 Initial 2021-02-04 2021-02-04 openEuler SA Tool V1.0 2021-02-04 ceph security update An update for ceph is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1. Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.\r\n\r\n Security Fix(es):\r\n\r\n An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.(CVE-2020-12059)\r\n\r\n An update for ceph is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.\r\n\r\n openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High ceph https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1009 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-12059 https://nvd.nist.gov/vuln/detail/CVE-2020-12059 openEuler-20.03-LTS openEuler-20.03-LTS-SP1 librgw2-12.2.8-10.oe1.aarch64.rpm ceph-radosgw-12.2.8-10.oe1.aarch64.rpm librados-devel-12.2.8-10.oe1.aarch64.rpm ceph-osd-12.2.8-10.oe1.aarch64.rpm ceph-mgr-12.2.8-10.oe1.aarch64.rpm ceph-mon-12.2.8-10.oe1.aarch64.rpm rbd-mirror-12.2.8-10.oe1.aarch64.rpm librgw-devel-12.2.8-10.oe1.aarch64.rpm rbd-nbd-12.2.8-10.oe1.aarch64.rpm python3-rbd-12.2.8-10.oe1.aarch64.rpm libradosstriper1-12.2.8-10.oe1.aarch64.rpm ceph-debugsource-12.2.8-10.oe1.aarch64.rpm python-ceph-compat-12.2.8-10.oe1.aarch64.rpm ceph-test-12.2.8-10.oe1.aarch64.rpm rbd-fuse-12.2.8-10.oe1.aarch64.rpm python-rgw-12.2.8-10.oe1.aarch64.rpm ceph-debuginfo-12.2.8-10.oe1.aarch64.rpm ceph-fuse-12.2.8-10.oe1.aarch64.rpm librbd1-12.2.8-10.oe1.aarch64.rpm python3-cephfs-12.2.8-10.oe1.aarch64.rpm ceph-common-12.2.8-10.oe1.aarch64.rpm ceph-mds-12.2.8-10.oe1.aarch64.rpm libcephfs2-12.2.8-10.oe1.aarch64.rpm ceph-selinux-12.2.8-10.oe1.aarch64.rpm python-cephfs-12.2.8-10.oe1.aarch64.rpm ceph-resource-agents-12.2.8-10.oe1.aarch64.rpm libradosstriper-devel-12.2.8-10.oe1.aarch64.rpm librbd-devel-12.2.8-10.oe1.aarch64.rpm python3-rgw-12.2.8-10.oe1.aarch64.rpm python-rados-12.2.8-10.oe1.aarch64.rpm libcephfs-devel-12.2.8-10.oe1.aarch64.rpm rados-objclass-devel-12.2.8-10.oe1.aarch64.rpm python3-rados-12.2.8-10.oe1.aarch64.rpm python-rbd-12.2.8-10.oe1.aarch64.rpm python3-ceph-argparse-12.2.8-10.oe1.aarch64.rpm librados2-12.2.8-10.oe1.aarch64.rpm ceph-12.2.8-10.oe1.aarch64.rpm ceph-base-12.2.8-10.oe1.aarch64.rpm librgw2-12.2.8-10.oe1.aarch64.rpm ceph-radosgw-12.2.8-10.oe1.aarch64.rpm librados-devel-12.2.8-10.oe1.aarch64.rpm ceph-osd-12.2.8-10.oe1.aarch64.rpm ceph-mgr-12.2.8-10.oe1.aarch64.rpm ceph-mon-12.2.8-10.oe1.aarch64.rpm rbd-mirror-12.2.8-10.oe1.aarch64.rpm librgw-devel-12.2.8-10.oe1.aarch64.rpm rbd-nbd-12.2.8-10.oe1.aarch64.rpm python3-rbd-12.2.8-10.oe1.aarch64.rpm libradosstriper1-12.2.8-10.oe1.aarch64.rpm ceph-debugsource-12.2.8-10.oe1.aarch64.rpm python-ceph-compat-12.2.8-10.oe1.aarch64.rpm ceph-test-12.2.8-10.oe1.aarch64.rpm rbd-fuse-12.2.8-10.oe1.aarch64.rpm python-rgw-12.2.8-10.oe1.aarch64.rpm ceph-debuginfo-12.2.8-10.oe1.aarch64.rpm ceph-fuse-12.2.8-10.oe1.aarch64.rpm librbd1-12.2.8-10.oe1.aarch64.rpm python3-cephfs-12.2.8-10.oe1.aarch64.rpm ceph-common-12.2.8-10.oe1.aarch64.rpm ceph-mds-12.2.8-10.oe1.aarch64.rpm libcephfs2-12.2.8-10.oe1.aarch64.rpm ceph-selinux-12.2.8-10.oe1.aarch64.rpm python-cephfs-12.2.8-10.oe1.aarch64.rpm ceph-resource-agents-12.2.8-10.oe1.aarch64.rpm libradosstriper-devel-12.2.8-10.oe1.aarch64.rpm librbd-devel-12.2.8-10.oe1.aarch64.rpm python3-rgw-12.2.8-10.oe1.aarch64.rpm python-rados-12.2.8-10.oe1.aarch64.rpm libcephfs-devel-12.2.8-10.oe1.aarch64.rpm rados-objclass-devel-12.2.8-10.oe1.aarch64.rpm python3-rados-12.2.8-10.oe1.aarch64.rpm python-rbd-12.2.8-10.oe1.aarch64.rpm python3-ceph-argparse-12.2.8-10.oe1.aarch64.rpm librados2-12.2.8-10.oe1.aarch64.rpm ceph-12.2.8-10.oe1.aarch64.rpm ceph-base-12.2.8-10.oe1.aarch64.rpm ceph-12.2.8-10.oe1.src.rpm ceph-12.2.8-10.oe1.src.rpm libradosstriper1-12.2.8-10.oe1.x86_64.rpm python-rgw-12.2.8-10.oe1.x86_64.rpm ceph-debugsource-12.2.8-10.oe1.x86_64.rpm ceph-selinux-12.2.8-10.oe1.x86_64.rpm ceph-fuse-12.2.8-10.oe1.x86_64.rpm python3-ceph-argparse-12.2.8-10.oe1.x86_64.rpm ceph-mon-12.2.8-10.oe1.x86_64.rpm python3-cephfs-12.2.8-10.oe1.x86_64.rpm rbd-nbd-12.2.8-10.oe1.x86_64.rpm ceph-mds-12.2.8-10.oe1.x86_64.rpm python3-rbd-12.2.8-10.oe1.x86_64.rpm librbd-devel-12.2.8-10.oe1.x86_64.rpm ceph-test-12.2.8-10.oe1.x86_64.rpm rbd-fuse-12.2.8-10.oe1.x86_64.rpm ceph-osd-12.2.8-10.oe1.x86_64.rpm librgw2-12.2.8-10.oe1.x86_64.rpm python-ceph-compat-12.2.8-10.oe1.x86_64.rpm libcephfs2-12.2.8-10.oe1.x86_64.rpm libradosstriper-devel-12.2.8-10.oe1.x86_64.rpm librgw-devel-12.2.8-10.oe1.x86_64.rpm ceph-base-12.2.8-10.oe1.x86_64.rpm ceph-radosgw-12.2.8-10.oe1.x86_64.rpm python3-rados-12.2.8-10.oe1.x86_64.rpm python-rados-12.2.8-10.oe1.x86_64.rpm ceph-mgr-12.2.8-10.oe1.x86_64.rpm librbd1-12.2.8-10.oe1.x86_64.rpm librados-devel-12.2.8-10.oe1.x86_64.rpm python-cephfs-12.2.8-10.oe1.x86_64.rpm librados2-12.2.8-10.oe1.x86_64.rpm ceph-debuginfo-12.2.8-10.oe1.x86_64.rpm ceph-common-12.2.8-10.oe1.x86_64.rpm python-rbd-12.2.8-10.oe1.x86_64.rpm ceph-12.2.8-10.oe1.x86_64.rpm python3-rgw-12.2.8-10.oe1.x86_64.rpm libcephfs-devel-12.2.8-10.oe1.x86_64.rpm ceph-resource-agents-12.2.8-10.oe1.x86_64.rpm rbd-mirror-12.2.8-10.oe1.x86_64.rpm rados-objclass-devel-12.2.8-10.oe1.x86_64.rpm libradosstriper1-12.2.8-10.oe1.x86_64.rpm python-rgw-12.2.8-10.oe1.x86_64.rpm ceph-debugsource-12.2.8-10.oe1.x86_64.rpm ceph-selinux-12.2.8-10.oe1.x86_64.rpm ceph-fuse-12.2.8-10.oe1.x86_64.rpm python3-ceph-argparse-12.2.8-10.oe1.x86_64.rpm ceph-mon-12.2.8-10.oe1.x86_64.rpm python3-cephfs-12.2.8-10.oe1.x86_64.rpm rbd-nbd-12.2.8-10.oe1.x86_64.rpm ceph-mds-12.2.8-10.oe1.x86_64.rpm python3-rbd-12.2.8-10.oe1.x86_64.rpm librbd-devel-12.2.8-10.oe1.x86_64.rpm ceph-test-12.2.8-10.oe1.x86_64.rpm rbd-fuse-12.2.8-10.oe1.x86_64.rpm ceph-osd-12.2.8-10.oe1.x86_64.rpm librgw2-12.2.8-10.oe1.x86_64.rpm python-ceph-compat-12.2.8-10.oe1.x86_64.rpm libcephfs2-12.2.8-10.oe1.x86_64.rpm libradosstriper-devel-12.2.8-10.oe1.x86_64.rpm librgw-devel-12.2.8-10.oe1.x86_64.rpm ceph-base-12.2.8-10.oe1.x86_64.rpm ceph-radosgw-12.2.8-10.oe1.x86_64.rpm python3-rados-12.2.8-10.oe1.x86_64.rpm python-rados-12.2.8-10.oe1.x86_64.rpm ceph-mgr-12.2.8-10.oe1.x86_64.rpm librbd1-12.2.8-10.oe1.x86_64.rpm librados-devel-12.2.8-10.oe1.x86_64.rpm python-cephfs-12.2.8-10.oe1.x86_64.rpm librados2-12.2.8-10.oe1.x86_64.rpm ceph-debuginfo-12.2.8-10.oe1.x86_64.rpm ceph-common-12.2.8-10.oe1.x86_64.rpm python-rbd-12.2.8-10.oe1.x86_64.rpm ceph-12.2.8-10.oe1.x86_64.rpm python3-rgw-12.2.8-10.oe1.x86_64.rpm libcephfs-devel-12.2.8-10.oe1.x86_64.rpm ceph-resource-agents-12.2.8-10.oe1.x86_64.rpm rbd-mirror-12.2.8-10.oe1.x86_64.rpm rados-objclass-devel-12.2.8-10.oe1.x86_64.rpm An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. 2021-02-04 CVE-2020-12059 openEuler-20.03-LTS openEuler-20.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ceph security update 2021-02-04 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1009