Package "ceph"

Name: ceph


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • metadata server for the ceph distributed file system
  • OCF-compliant resource agents for Ceph
  • Ceph test and benchmarking tools
  • Java library for the Ceph File System

Latest version: 13.2.6-0ubuntu0.19.04.3
Release: disco (19.04)
Level: security
Repository: universe


Save this URL for the latest version of "ceph": https://www.ubuntuupdates.org/ceph

Other versions of "ceph" in Disco

Repository Area Version
base main 13.2.4+dfsg1-0ubuntu2
base universe 13.2.4+dfsg1-0ubuntu2
security main 13.2.6-0ubuntu0.19.04.3
updates universe 13.2.6-0ubuntu0.19.04.4
updates main 13.2.6-0ubuntu0.19.04.4

Packages in group

Deleted packages are displayed in grey.


Version: 13.2.6-0ubuntu0.19.04.3 2019-08-29 03:07:21 UTC

  ceph (13.2.6-0ubuntu0.19.04.3) disco-security; urgency=medium

  * SECURITY UPDATE: RADOS gateway remote denial of service
    - d/p/CVE-2019-10222.patch: rgw: asio: check the remote endpoint
      before processing requests.
    - CVE-2019-10222

 -- Steve Beattie <email address hidden> Tue, 27 Aug 2019 23:02:16 -0700

Source diff to previous version
CVE-2019-10222 RESERVED

Version: 13.2.4+dfsg1-0ubuntu2.1 2019-06-25 13:08:03 UTC

  ceph (13.2.4+dfsg1-0ubuntu2.1) disco-security; urgency=medium

  * SECURITY UPDATE: encryption key leak in log
    - debian/patches/CVE-2018-16889.patch: sanitize customer encryption
      keys from log output in src/rgw/rgw_auth_s3.cc,
    - CVE-2018-16889
  * SECURITY UPDATE: civetweb file descriptor leak
    - debian/patches/CVE-2019-3821.patch: properly close connection in
    - CVE-2019-3821

 -- Marc Deslauriers <email address hidden> Wed, 29 May 2019 11:09:08 -0400

CVE-2018-16889 Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files
CVE-2019-3821 A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create mu

About   -   Send Feedback to @ubuntu_updates