SUSE-SU-2020:1748-1

Details

This is a version update for ceph to version 12.2.13:

Security issue fixed:

CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag (bsc#1171921).
Notable changes in this update for ceph:
- mgr: telemetry: backported and now available on SES5.5. Please consider enabling via 'ceph telemetry on' (bsc#1171670)
- OSD heartbeat ping time: new health warning, options and admin commands (bsc#1171960)
- 'osd_calc_pg_upmaps_max_stddev' ceph.conf parameter has been removed; use 'upmap_max_deviation' instead (bsc#1171961)
- Default maximum concurrent bluestore rocksdb compaction threads raised from 1 to 2 for improved ability to keep up with rgw bucket index workloads (bsc#1171963)
Bug fixes in this ceph update:
- mon: Error message displayed when mon_osd_max_split_count would be exceeded is not as user-friendly as it could be (bsc#1126230)
- ceph_volume_client: remove ceph mds calls in favor of ceph fs calls (bsc#1136082)
- rgw: crypt: permit RGW-AUTO/default with SSE-S3 headers (bsc#1157607)
- mon/AuthMonitor: don't validate fs caps on authorize (bsc#1161096)
Additional bug fixes:
- ceph-volume: strip _dmcrypt suffix in simple scan json output (bsc#1162553)

Affected Packages(30 packages)

ceph

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP3-LTSSSUSE Linux Enterprise Server 12 SP4

Fixed in: