UbuntuUpdates.org

Package "ceph"

Name: ceph

Description:

distributed storage and file system

Latest version: 13.2.4+dfsg1-0ubuntu0.18.10.2
Release: cosmic (18.10)
Level: security
Repository: main
Homepage: http://ceph.com/

Links

Save this URL for the latest version of "ceph": https://www.ubuntuupdates.org/ceph


Download "ceph"


Other versions of "ceph" in Cosmic

Repository Area Version
base main 12.2.4-0ubuntu1.1build1
base universe 12.2.4-0ubuntu1.1build1
security universe 13.2.4+dfsg1-0ubuntu0.18.10.2
updates universe 13.2.4+dfsg1-0ubuntu0.18.10.2
updates main 13.2.4+dfsg1-0ubuntu0.18.10.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 13.2.4+dfsg1-0ubuntu0.18.10.2 2019-06-25 13:07:55 UTC

  ceph (13.2.4+dfsg1-0ubuntu0.18.10.2) cosmic-security; urgency=medium

  * SECURITY UPDATE: encryption key leak in log
    - debian/patches/CVE-2018-16889.patch: sanitize customer encryption
      keys from log output in src/rgw/rgw_auth_s3.cc,
      src/rgw/rgw_rest_s3.cc.
    - CVE-2018-16889
  * SECURITY UPDATE: civetweb file descriptor leak
    - debian/patches/CVE-2019-3821.patch: properly close connection in
      src/civetweb/src/civetweb.c.
    - CVE-2019-3821

 -- Marc Deslauriers <email address hidden> Wed, 29 May 2019 11:11:40 -0400

CVE-2018-16889 Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files
CVE-2019-3821 A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create mu



About   -   Send Feedback to @ubuntu_updates