UbuntuUpdates.org

Package "libcephfs-jni"

Name: libcephfs-jni

Description:

Java Native Interface library for CephFS Java bindings

Latest version: 12.2.13-0ubuntu0.18.04.4
Release: bionic (18.04)
Level: updates
Repository: universe
Head package: ceph
Homepage: http://ceph.com/

Links


Download "libcephfs-jni"


Other versions of "libcephfs-jni" in Bionic

Repository Area Version
base universe 12.2.4-0ubuntu1
security universe 12.2.13-0ubuntu0.18.04.4

Changelog

Version: 12.2.13-0ubuntu0.18.04.4 2020-09-22 13:06:55 UTC

  ceph (12.2.13-0ubuntu0.18.04.4) bionic-security; urgency=medium

  * SECURITY UPDATE: XSS attacks
    - debian/patches/CVE-2020-1760-1.patch: reject unauthenticated
      response-header actions in src/rgw/rgw_rest_s3.cc.
    - debian/patches/CVE-2020-1760-2.patch: change EPERM to
      ERR_INVALID_REQUEST in src/rgw/rgw_rest_s3.cc.
    - debian/patches/CVE-2020-1760-3.patch: reject control characters in
      response-header actions in src/rgw/rgw_rest_s3.cc.
    - CVE-2020-1760
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2020-10753.patch: sanitize newlines in
      src/rgw/rgw_cors.cc.
    - CVE-2020-10753
  * SECURITY UPDATE: DoS via invalid tagging XML
    - debian/patches/CVE-2020-12059.patch: check for tagging element in
      src/rgw/rgw_rest_s3.cc.
    - CVE-2020-12059

 -- Marc Deslauriers <email address hidden> Wed, 09 Sep 2020 08:51:41 -0400

Source diff to previous version
CVE-2020-1760 header-splitting in RGW GetObject has a possible XSS
CVE-2020-10753 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS
CVE-2020-12059 An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exc

Version: 12.2.13-0ubuntu0.18.04.3 2020-09-03 15:07:04 UTC

  ceph (12.2.13-0ubuntu0.18.04.3) bionic; urgency=medium

  * d/p/bug1868364.patch: fix rgw unable to abort multipart upload after
    the bucket got resharded (LP: #1868364).

 -- Dongdong Tao <email address hidden> Fri, 03 Jul 2020 09:33:20 +0800

Source diff to previous version
1868364 [SRU] rgw: unable to abort multipart upload after the bucket got resharded

Version: 12.2.13-0ubuntu0.18.04.2 2020-06-15 18:07:25 UTC

  ceph (12.2.13-0ubuntu0.18.04.2) bionic; urgency=medium

  * d/p/bug1871820.patch: Revert change in default concurrency for
    rocksdb background compactions to avoid potential data loss
    (LP: #1871820).

Source diff to previous version
1871820 luminous: bluestore rocksdb max_background_compactions regression in 12.2.13

Version: 12.2.12-0ubuntu0.18.04.5 2020-03-17 14:06:33 UTC

  ceph (12.2.12-0ubuntu0.18.04.5) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via RGW Beast front-end unexpected disconnects
    - debian/patches/CVE-2020-1700.patch: avoid leaking connections in
      src/rgw/rgw_asio_frontend.cc.
    - CVE-2020-1700

 -- Marc Deslauriers <email address hidden> Mon, 10 Feb 2020 11:12:03 -0500

Source diff to previous version
CVE-2020-1700 A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making mult

Version: 12.2.12-0ubuntu0.18.04.4 2020-01-20 18:08:15 UTC

  ceph (12.2.12-0ubuntu0.18.04.4) bionic; urgency=medium

  [ Billy Olsen ]
  * Do not validate fs caps on authorize (LP: #1847822):
    - d/p/dont-validate-fs-caps-on-authorize.patch: Do not validate
      the filesystem caps with a new client connection to the monitor
      when authorizing a client connection.

  [ Dan Hill ]
  * d/p/issue38454.patch: Cherry pick of fixes for misc RGW bugs
    and cleanup of garbage collection code (LP: #1843085).

  [ Dariusz Gadomski ]
  * d/p/issue37490.patch: Cherry pick fix to optimize LVM queries
    in ceph-volume, resolving performance issues in systems under
    heavy load or with large numbers of disks (LP: #1850754).

 -- James Page <email address hidden> Thu, 28 Nov 2019 10:27:34 +0000

1847822 CephFS authorize fails with unknown cap type
1843085 Backport of zero-length gc chain fixes to Luminous



About   -   Send Feedback to @ubuntu_updates