This update provides Ceph 0.8.11, which fixes the following security issue:
- CVE-2015-5245: A CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw
or RGW) could allow remote attackers to inject arbitrary HTTP headers and conduct
HTTP response splitting attacks via a crafted bucket name. (bsc#945206)
The following non-security issues have been fixed:
- Move ceph-rbdnamer binary from package 'ceph' to 'ceph-common'. (bsc#965619)
- Install /usr/bin/radosgw with mode 0750 and owner root:www. (bsc#964907)
- Loop over all ceph-related systemd units on rpm removal. (bsc#941628)
- Perform ceph-disk activate in separate systemd services, rather than in udev directly.
(bsc#926756)
- Add hyphen to systemctl reload in logrotate.conf to avoid matching ceph.target.
(bsc#931451)
Ceph 0.8.11 also brings a significant number of bug fixes and enhancements. For a
comprehensive list please refer to the package's change log.