UbuntuUpdates.org

Package "python3-rados"

Name: python3-rados

Description:

Python 3 libraries for the Ceph librados library

Latest version: 12.2.13-0ubuntu0.18.04.10
Release: bionic (18.04)
Level: updates
Repository: universe
Head package: ceph
Homepage: http://ceph.com/

Links


Download "python3-rados"


Other versions of "python3-rados" in Bionic

Repository Area Version
base universe 12.2.4-0ubuntu1
security universe 12.2.13-0ubuntu0.18.04.10

Changelog

Version: 12.2.13-0ubuntu0.18.04.10 2021-11-01 21:06:26 UTC

  ceph (12.2.13-0ubuntu0.18.04.10) bionic-security; urgency=medium

  * SECURITY UPDATE: user credentials issue
    - debian/patches/CVE-2020-27781-1.patch: fix PEP-8 SyntaxWarning in
      src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-2.patch: disallow authorize auth_id in
      src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-3.patch: preserve existing caps while
      authorize/deauthorize auth-id in src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-4.patch: optionally authorize existing
      auth-ids in src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-5.patch: add tests in
      qa/tasks/cephfs/test_volume_client.py.
    - CVE-2020-27781
  * SECURITY UPDATE: HTTP headers injection
    - debian/patches/CVE-2021-3524.patch: add more escaping to headers in
      src/rgw/rgw_cors.cc.
    - CVE-2021-3524
  * SECURITY UPDATE: denial of service in rgw
    - debian/patches/CVE-2021-3531.patch: checks empty subdir_name in
      src/rgw/rgw_rest_swift.cc.
    - CVE-2021-3531
  * This package does _not_ contain the changes from the
    12.2.13-0ubuntu0.18.04.9 package in bionic-proposed.

 -- Marc Deslauriers <email address hidden> Fri, 24 Sep 2021 09:46:46 -0400

Source diff to previous version
CVE-2020-27781 User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open S
CVE-2021-3524 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection
CVE-2021-3531 A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes

Version: 12.2.13-0ubuntu0.18.04.8 2021-06-21 11:06:23 UTC

  ceph (12.2.13-0ubuntu0.18.04.8) bionic; urgency=medium

  * d/p/lp1908375*.patch: remove blkid calls from ceph-volume lvm list
    to improve performance/experience in systems with large numbers of
    slow disks (LP: #1908375).

 -- Dariusz Gadomski <email address hidden> Mon, 07 Jun 2021 16:39:26 +0200

Source diff to previous version
1908375 ceph-volume lvm list \u003cdevice\u003e calls blkid numerous times for differrent devices

Version: 12.2.13-0ubuntu0.18.04.7 2021-05-06 11:07:16 UTC

  ceph (12.2.13-0ubuntu0.18.04.7) bionic; urgency=medium

  * d/p/bug1914911.patch: cherry pick fix to ensure more regular compaction
    of the bluefs log (LP: #1914911).

 -- Ponnuvel Palaniyappan <email address hidden> Fri, 26 Mar 2021 09:35:30 +0000

Source diff to previous version
1914911 [SRU] bluefs doesn't compact log file

Version: 12.2.13-0ubuntu0.18.04.6 2021-01-18 12:07:39 UTC

  ceph (12.2.13-0ubuntu0.18.04.6) bionic; urgency=medium

  * d/p/bug1906496.patch: disable network stats in
    dump_osd_stats (LP: #1906496)

 -- Ponnuvel Palaniyappan <email address hidden> Mon, 07 Dec 2020 18:15:24 +0000

Source diff to previous version

Version: 12.2.13-0ubuntu0.18.04.5 2020-11-19 12:07:06 UTC

  ceph (12.2.13-0ubuntu0.18.04.5) bionic; urgency=medium

  * d/p/rules: Enable RelWithDebInfo (LP: #1894453).

 -- Corey Bryant <email address hidden> Mon, 26 Oct 2020 09:17:19 -0400

1894453 Building Ceph packages with RelWithDebInfo



About   -   Send Feedback to @ubuntu_updates