UbuntuUpdates.org

Package "libcephfs2"

Name: libcephfs2

Description:

Ceph distributed file system client library

Latest version: 12.2.13-0ubuntu0.18.04.11
Release: bionic (18.04)
Level: updates
Repository: main
Head package: ceph
Homepage: http://ceph.com/

Links


Download "libcephfs2"


Other versions of "libcephfs2" in Bionic

Repository Area Version
base main 12.2.4-0ubuntu1
security main 12.2.13-0ubuntu0.18.04.11

Changelog

Version: 12.2.13-0ubuntu0.18.04.11 2023-05-09 19:07:11 UTC

  ceph (12.2.13-0ubuntu0.18.04.11) bionic-security; urgency=medium

  * SECURITY UPDATE: non random key via key length flaw
    - debian/patches/CVE-2021-3979.patch: honour osd_dmcrypt_key_size
      option in src/ceph-volume/ceph_volume/tests/util/test_encryption.py,
      src/ceph-volume/ceph_volume/util/encryption.py.
    - CVE-2021-3979

 -- Marc Deslauriers <email address hidden> Wed, 19 Apr 2023 11:37:58 -0400

Source diff to previous version
CVE-2021-3979 A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algo

Version: 12.2.13-0ubuntu0.18.04.10 2021-11-01 21:06:23 UTC

  ceph (12.2.13-0ubuntu0.18.04.10) bionic-security; urgency=medium

  * SECURITY UPDATE: user credentials issue
    - debian/patches/CVE-2020-27781-1.patch: fix PEP-8 SyntaxWarning in
      src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-2.patch: disallow authorize auth_id in
      src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-3.patch: preserve existing caps while
      authorize/deauthorize auth-id in src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-4.patch: optionally authorize existing
      auth-ids in src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-5.patch: add tests in
      qa/tasks/cephfs/test_volume_client.py.
    - CVE-2020-27781
  * SECURITY UPDATE: HTTP headers injection
    - debian/patches/CVE-2021-3524.patch: add more escaping to headers in
      src/rgw/rgw_cors.cc.
    - CVE-2021-3524
  * SECURITY UPDATE: denial of service in rgw
    - debian/patches/CVE-2021-3531.patch: checks empty subdir_name in
      src/rgw/rgw_rest_swift.cc.
    - CVE-2021-3531
  * This package does _not_ contain the changes from the
    12.2.13-0ubuntu0.18.04.9 package in bionic-proposed.

 -- Marc Deslauriers <email address hidden> Fri, 24 Sep 2021 09:46:46 -0400

Source diff to previous version
CVE-2020-27781 User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open S
CVE-2021-3524 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection
CVE-2021-3531 A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes

Version: 12.2.13-0ubuntu0.18.04.8 2021-06-21 11:06:21 UTC

  ceph (12.2.13-0ubuntu0.18.04.8) bionic; urgency=medium

  * d/p/lp1908375*.patch: remove blkid calls from ceph-volume lvm list
    to improve performance/experience in systems with large numbers of
    slow disks (LP: #1908375).

 -- Dariusz Gadomski <email address hidden> Mon, 07 Jun 2021 16:39:26 +0200

Source diff to previous version
1908375 ceph-volume lvm list \u003cdevice\u003e calls blkid numerous times for differrent devices

Version: 12.2.13-0ubuntu0.18.04.7 2021-05-06 11:07:14 UTC

  ceph (12.2.13-0ubuntu0.18.04.7) bionic; urgency=medium

  * d/p/bug1914911.patch: cherry pick fix to ensure more regular compaction
    of the bluefs log (LP: #1914911).

 -- Ponnuvel Palaniyappan <email address hidden> Fri, 26 Mar 2021 09:35:30 +0000

Source diff to previous version
1914911 [SRU] bluefs doesn't compact log file

Version: 12.2.13-0ubuntu0.18.04.6 2021-01-18 12:07:30 UTC

  ceph (12.2.13-0ubuntu0.18.04.6) bionic; urgency=medium

  * d/p/bug1906496.patch: disable network stats in
    dump_osd_stats (LP: #1906496)

 -- Ponnuvel Palaniyappan <email address hidden> Mon, 07 Dec 2020 18:15:24 +0000




About   -   Send Feedback to @ubuntu_updates