Package "ceph-mds"
Name: |
ceph-mds
|
Description: |
metadata server for the ceph distributed file system
|
Latest version: |
0.80.11-0ubuntu1.14.04.3 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
universe |
Head package: |
ceph |
Homepage: |
http://ceph.com/ |
Links
Download "ceph-mds"
Other versions of "ceph-mds" in Trusty
Changelog
ceph (0.80.11-0ubuntu1.14.04.3) trusty-security; urgency=medium
* SECURITY UPDATE: DoS in handle_command function
- debian/patches/CVE-2016-5009.patch: validate prefix in
src/mon/Monitor.cc, add test to src/test/librados/cmd.cc.
- CVE-2016-5009
* SECURITY UPDATE: anonymouse user bucket contents list via a URL
- debian/patches/CVE-2016-7031.patch: check ACLs in
src/rgw/rgw_acl_s3.cc, src/rgw/rgw_op.cc.
- CVE-2016-7031
* SECURITY UPDATE: DoS via POST object with null conditions
- debian/patches/CVE-2016-8626.patch: handle empty POST condition in
src/rgw/rgw_policy_s3.cc.
- CVE-2016-8626
* SECURITY UPDATE: DoS via request with invalid HTTP Origin header
- debian/patches/CVE-2016-9579.patch: do not abort on short origin in
src/rgw/rgw_cors.cc.
- CVE-2016-9579
-- Marc Deslauriers <email address hidden> Mon, 25 Sep 2017 16:44:20 -0400
|
CVE-2016-5009 |
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph mon |
CVE-2016-7031 |
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL |
CVE-2016-8626 |
RGW Denial of Service by sending POST object with null conditions |
CVE-2016-9579 |
RGW server DoS via request with invalid HTTP Origin header |
|
About
-
Send Feedback to @ubuntu_updates