UbuntuUpdates.org

Package "python3-rgw"

Name: python3-rgw

Description:

Python 3 libraries for the Ceph librgw library

Latest version: 15.2.17-0ubuntu0.20.04.6
Release: focal (20.04)
Level: updates
Repository: universe
Head package: ceph
Homepage: http://ceph.com/

Links


Download "python3-rgw"


Other versions of "python3-rgw" in Focal

Repository Area Version
base universe 15.2.1-0ubuntu1
security universe 15.2.17-0ubuntu0.20.04.6

Changelog

Version: 15.2.17-0ubuntu0.20.04.6 2024-01-29 14:09:47 UTC

  ceph (15.2.17-0ubuntu0.20.04.6) focal-security; urgency=medium

  * SECURITY UPDATE: Improper bucket validation in POST requests
    - debian/patches/CVE-2023-43040.patch: rgw: Fix bucket validation against POST policies
    - CVE-2023-43040

 -- Nick Galanis <email address hidden> Thu, 11 Jan 2024 12:26:21 +0000

Source diff to previous version
CVE-2023-43040 Improperly verified POST keys

Version: 15.2.17-0ubuntu0.20.04.5 2023-12-05 22:06:51 UTC

  ceph (15.2.17-0ubuntu0.20.04.5) focal; urgency=medium

   * d/p/bluestore-leak-fix.patch: Fix leak in bluestore cache (LP: #1996010).
   * d/p/bail-after-error.patch: Bail after exception in mon (LP: #1969000).
   * d/p/relax-epoch.patch: Relax epoch-based assertions (LP: #2019293).

 -- Luciano Lo Giudice <email address hidden> Fri, 22 Sep 2023 09:21:41 +0100

Source diff to previous version
1969000 [SRU] bail from handle_command() if _generate_command_map() fails
2019293 mgr: relax \

Version: 15.2.17-0ubuntu0.20.04.4 2023-05-18 20:07:13 UTC

  ceph (15.2.17-0ubuntu0.20.04.4) focal; urgency=medium

  * d/p/bug1978913.patch: Cherry-pick upstream fix for on-line
    trim of dups (LP: #1978913).

 -- Nikhil Kshirsagar <email address hidden> Mon, 31 Oct 2022 05:45:04 +0000

Source diff to previous version

Version: 15.2.17-0ubuntu0.20.04.3 2023-05-09 23:07:12 UTC

  ceph (15.2.17-0ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via ceph crash service
    - debian/patches/CVE-2022-3650-2.patch: fix some flake8 issues in
      src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-3.patch: fix stderr handling in
      src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-4.patch: drop privleges to run as "ceph"
      user, rather than root in src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-5.patch: chown crash files to ceph user
      in qa/workunits/rados/test_crash.sh.
    - debian/patches/CVE-2022-3650-6.patch: log warning if crash directory
      unreadable in src/ceph-crash.in.
    - CVE-2022-3650
  * This also fixes CVE-2021-3979 and CVE-2022-0670 in the -security
    pocket.

 -- Marc Deslauriers <email address hidden> Wed, 19 Apr 2023 19:05:07 -0400

Source diff to previous version
CVE-2022-3650 A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump,
CVE-2021-3979 A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algo
CVE-2022-0670 A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file syste

Version: 15.2.17-0ubuntu0.20.04.1 2022-11-23 04:07:19 UTC

  ceph (15.2.17-0ubuntu0.20.04.1) focal; urgency=medium

  * New upstream release (LP: #1990862).
  * Dropped patches in latest release:
    - d/p/disable-log-slow-requests.patch

 -- Chris MacNaughton <email address hidden> Wed, 12 Oct 2022 14:30:58 +0100

1990862 [SRU] ceph 15.2.17



About   -   Send Feedback to @ubuntu_updates