UbuntuUpdates.org

Package "ceph"

Name: ceph

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • metadata server for the ceph distributed file system
  • OCF-compliant resource agents for Ceph
  • Ceph test and benchmarking tools
  • Java library for the Ceph File System

Latest version: 12.2.13-0ubuntu0.18.04.4
Release: bionic (18.04)
Level: security
Repository: universe

Links



Other versions of "ceph" in Bionic

Repository Area Version
base main 12.2.4-0ubuntu1
base universe 12.2.4-0ubuntu1
security main 12.2.13-0ubuntu0.18.04.4
updates universe 12.2.13-0ubuntu0.18.04.4
updates main 12.2.13-0ubuntu0.18.04.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 12.2.13-0ubuntu0.18.04.4 2020-09-22 12:07:13 UTC

  ceph (12.2.13-0ubuntu0.18.04.4) bionic-security; urgency=medium

  * SECURITY UPDATE: XSS attacks
    - debian/patches/CVE-2020-1760-1.patch: reject unauthenticated
      response-header actions in src/rgw/rgw_rest_s3.cc.
    - debian/patches/CVE-2020-1760-2.patch: change EPERM to
      ERR_INVALID_REQUEST in src/rgw/rgw_rest_s3.cc.
    - debian/patches/CVE-2020-1760-3.patch: reject control characters in
      response-header actions in src/rgw/rgw_rest_s3.cc.
    - CVE-2020-1760
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2020-10753.patch: sanitize newlines in
      src/rgw/rgw_cors.cc.
    - CVE-2020-10753
  * SECURITY UPDATE: DoS via invalid tagging XML
    - debian/patches/CVE-2020-12059.patch: check for tagging element in
      src/rgw/rgw_rest_s3.cc.
    - CVE-2020-12059

 -- Marc Deslauriers <email address hidden> Wed, 09 Sep 2020 08:51:41 -0400

Source diff to previous version
CVE-2020-1760 header-splitting in RGW GetObject has a possible XSS
CVE-2020-10753 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS
CVE-2020-12059 An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exc

Version: 12.2.12-0ubuntu0.18.04.5 2020-03-17 13:06:28 UTC

  ceph (12.2.12-0ubuntu0.18.04.5) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via RGW Beast front-end unexpected disconnects
    - debian/patches/CVE-2020-1700.patch: avoid leaking connections in
      src/rgw/rgw_asio_frontend.cc.
    - CVE-2020-1700

 -- Marc Deslauriers <email address hidden> Mon, 10 Feb 2020 11:12:03 -0500

Source diff to previous version
CVE-2020-1700 A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making mult

Version: 12.2.12-0ubuntu0.18.04.2 2019-08-29 03:07:14 UTC

  ceph (12.2.12-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: RADOS gateway remote denial of service
    - d/p/CVE-2019-10222.patch: rgw: asio: check the remote endpoint
      before processing requests.
    - CVE-2019-10222

 -- Steve Beattie <email address hidden> Tue, 27 Aug 2019 23:12:03 -0700

CVE-2019-10222 RESERVED



About   -   Send Feedback to @ubuntu_updates