Bug 1111177 - (CVE-2018-14662) VUL-1: CVE-2018-14662: ceph: LUKS "config-key" safety issue
(CVE-2018-14662)
VUL-1: CVE-2018-14662: ceph: LUKS "config-key" safety issue
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Nathan Cutler
Security Team bot
CVSSv3:SUSE:CVE-2018-14662:1.8:(AV:P/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-09 09:07 UTC by Alexander Bergmann
Modified: 2020-04-01 08:28 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Johannes Segitz 2018-10-10 07:31:35 UTC
This is a embargoed bug. This means that this information is not public. Please
- do not talk to other people about this unless they're involved in fixing the issue
- do not submit this into OBS (e.g. fix Leap) until this is public
- do not make this bug public
- Please be aware that the SUSE:SLE-12-SP4:GA and SUSE:SLE-15-SP1:GA codestreams are available via OBS.
  This means that you can't submit security fixes for embargoed issues to these GA codestreams under
  development until they become public.

In doubt please talk to us on IRC (#security) or sent us a mail.
Comment 2 Nathan Cutler 2019-01-22 13:28:53 UTC
This bug is now public - see https://ceph.com/releases/13-2-4-mimic-released/
Comment 5 Swamp Workflow Management 2019-02-26 20:09:41 UTC
SUSE-SU-2019:0499-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1111177,1113246,1114710,1121567
CVE References: CVE-2018-14662,CVE-2018-16846,CVE-2018-16889
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    ceph-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ceph-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Server 12-SP4 (src):    ceph-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Server 12-SP3 (src):    ceph-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Desktop 12-SP4 (src):    ceph-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    ceph-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE Enterprise Storage 5 (src):    ceph-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE CaaS Platform ALL (src):    ceph-12.2.10+git.1549630712.bb089269ea-2.27.2
SUSE CaaS Platform 3.0 (src):    ceph-12.2.10+git.1549630712.bb089269ea-2.27.2
Comment 6 Swamp Workflow Management 2019-03-08 14:16:12 UTC
openSUSE-SU-2019:0306-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1111177,1113246,1114710,1121567
CVE References: CVE-2018-14662,CVE-2018-16846,CVE-2018-16889
Sources used:
openSUSE Leap 42.3 (src):    ceph-12.2.10+git.1549630712.bb089269ea-21.1, ceph-test-12.2.10+git.1549630712.bb089269ea-21.1
Comment 7 Swamp Workflow Management 2019-03-11 13:20:35 UTC
This is an autogenerated message for OBS integration:
This bug (1111177) was mentioned in
https://build.opensuse.org/request/show/683881 15.0 / ceph
Comment 8 Swamp Workflow Management 2019-03-12 20:15:32 UTC
SUSE-SU-2019:0586-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1084645,1086613,1096748,1099162,1101262,1111177,1114567
CVE References: CVE-2018-10861,CVE-2018-1128,CVE-2018-1129,CVE-2018-14662,CVE-2018-16846
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    ceph-13.2.4.125+gad802694f5-3.7.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    ceph-13.2.4.125+gad802694f5-3.7.2
Comment 9 Swamp Workflow Management 2019-04-27 22:33:21 UTC
openSUSE-SU-2019:1284-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1084645,1086613,1096748,1099162,1101262,1111177,1114567,1114710
CVE References: CVE-2018-10861,CVE-2018-1128,CVE-2018-1129,CVE-2018-14662,CVE-2018-16846
Sources used:
openSUSE Leap 15.0 (src):    ceph-13.2.4.125+gad802694f5-lp150.2.3.1, ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1