{"id":"SUSE-SU-2016:0806-1","summary":"Security update for ceph","details":"\nThis update provides Ceph 0.8.11, which fixes the following security issue:\n\n- CVE-2015-5245: A CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw\n  or RGW) could allow remote attackers to inject arbitrary HTTP headers and conduct\n  HTTP response splitting attacks via a crafted bucket name. (bsc#945206)\n\nThe following non-security issues have been fixed:\n\n- Move ceph-rbdnamer binary from package 'ceph' to 'ceph-common'. (bsc#965619)\n- Install /usr/bin/radosgw with mode 0750 and owner root:www. (bsc#964907)\n- Loop over all ceph-related systemd units on rpm removal. (bsc#941628)\n- Perform ceph-disk activate in separate systemd services, rather than in udev directly.\n  (bsc#926756)\n- Add hyphen to systemctl reload in logrotate.conf to avoid matching ceph.target.\n  (bsc#931451)\n\nCeph 0.8.11 also brings a significant number of bug fixes and enhancements. For a\ncomprehensive list please refer to the package's change log.\n","modified":"2026-03-11T06:23:23.640656Z","published":"2016-03-17T14:39:05Z","related":["CVE-2015-5245"],"upstream":["CVE-2015-5245"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20160806-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/926756"},{"type":"REPORT","url":"https://bugzilla.suse.com/931451"},{"type":"REPORT","url":"https://bugzilla.suse.com/941628"},{"type":"REPORT","url":"https://bugzilla.suse.com/945206"},{"type":"REPORT","url":"https://bugzilla.suse.com/964907"},{"type":"REPORT","url":"https://bugzilla.suse.com/965619"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5245"}],"affected":[{"package":{"name":"ceph","ecosystem":"SUSE:Enterprise Storage 1.0","purl":"pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%201.0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.80.11-8.1"}]}],"ecosystem_specific":{"binaries":[{"ceph-fuse":"0.80.11-8.1","ceph-radosgw":"0.80.11-8.1","librbd1":"0.80.11-8.1","librados2":"0.80.11-8.1","libcephfs1":"0.80.11-8.1","ceph-test":"0.80.11-8.1","ceph":"0.80.11-8.1","rbd-fuse":"0.80.11-8.1","python-ceph":"0.80.11-8.1","ceph-common":"0.80.11-8.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0806-1.json"}}],"schema_version":"1.7.5"}