
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN705
_____________________________________________________________________

DATE                : 24/12/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running ceph versions prior to 15.2.8.

=====================================================================
https://lists.ceph.io/hyperkitty/list/ceph-announce@ceph.io/thread/TDZ6VLYE33XJIQ6ZFAAMEVB6IQUTYVG7/
_____________________________________________________________________

We're happy to announce the 8th backport release in the Octopus series.
This release fixes a security flaw in CephFS and includes a number of
bug fixes. We recommend that users update to this release. For detailed
release notes with links and a changelog, please refer to the official
blog entry at https://ceph.io/releases/v15-2-8-octopus-released

Notable Changes
---------------

* CVE-2020-27781 : OpenStack Manila use of ceph_volume_client.py library
  allowed tenant access to any Ceph credential's secret.
  (Kotresh Hiremath Ravishankar, Ramana Raja)

* ceph-volume: The `lvm batch` subcommand received a major rewrite. This
  closed a number of bugs and improves usability in terms of size
  specification and calculation, as well as idempotency behaviour and
  disk replacement process.
  Please refer to https://docs.ceph.com/en/latest/ceph-volume/lvm/batch/
  for more detailed information.

* MON: The cluster log now logs health detail every
  `mon_health_to_clog_interval`, which has been changed from 1hr to
  10min. Logging of health detail will be skipped if there is no change
  in health summary since last known.

* The `ceph df` command now lists the number of pgs in each pool.

* The `bluefs_preextend_wal_files` option has been removed.

* It is now possible to specify the initial monitor to contact for Ceph
  tools and daemons using the `mon_host_override` config option or
  `--mon-host-override <ip>` command-line switch. This generally should
  only be used for debugging and only affects initial communication with
  Ceph's monitor cluster.

Getting Ceph
------------
* Git at git://github.com/ceph/ceph.git
* Tarball at http://download.ceph.com/tarballs/ceph-15.2.8.tar.gz
* For packages, see
   http://docs.ceph.com/docs/master/install/get-packages/
* Release git sha1: bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


