CVE-2020-1699: I have disabled the dashboard module on clusters where it was enabled (kelly, kopano).
CVE-2020-1700: We are running luminous, but luminous-beast has the same code path. ceph-12.2.12-0.4.el7 was built in koji with the patch; restarted the rgws.
---------- Forwarded message ---------
From: David Galloway <firstname.lastname@example.org>
Date: Fri, Jan 31, 2020 at 10:49 PM
Subject: v14.2.7 Nautilus released
To: <email@example.com>, <firstname.lastname@example.org>, <email@example.com>, <firstname.lastname@example.org>
This is the seventh update to the Ceph Nautilus release series. This is
a hotfix release primarily fixing a couple of security issues. We
recommend that all users upgrade to this release.
* CVE-2020-1699: Fixed a path traversal flaw in Ceph dashboard that
for potential information disclosure (Ernesto Puerta)
* CVE-2020-1700: Fixed a flaw in RGW beast frontend that could lead to
service from an unauthenticated client (Or Friedmann)
ceph/jim was upgraded from mimic to nautilus. So far so good.
We are occasionally seeing an osdc (osd client) deadlock on the kernel client. Restarting the relevant osd unblocks the client. Thread here: https://email@example.com/thread/CKTIM6LF274RVHSSCSDNCQR35PYSTLEK/
CEPH-818: First nodes for ceph/nethub just booting. Testing the SSDs installed by CF, then proceed with the full cluster installation.