UbuntuUpdates.org

Package "cephfs-shell"

Name: cephfs-shell

Description:

interactive shell for the Ceph distributed file system
Latest version: 15.2.12-0ubuntu0.20.10.1
Release: groovy (20.10)
Level: security
Repository: universe
Head package: ceph
Homepage: http://ceph.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "cephfs-shell"

All arch deb package
APT INSTALL

Other versions of "cephfs-shell" in Groovy

Repository Area Version
base universe 15.2.5-0ubuntu1
updates universe 15.2.13-0ubuntu0.20.10.1

Changelog

Version: 15.2.12-0ubuntu0.20.10.1 2021-06-25 01:06:24 UTC

  ceph (15.2.12-0ubuntu0.20.10.1) groovy-security; urgency=medium

  * SECURITY UPDATE: New upstream release (LP: #1929179):
    - CVE-2021-3509: Dashboard XSS via token cookie.
    - CVE-2021-3531: Swift API denial of service.
    - CVE-2021-3531: HTTP header injects via CORS in RGW.

 -- James Page <email address hidden> Mon, 24 May 2021 16:05:29 +0100
Source diff to previous version
1929179 [SRU] ceph 15.2.12
CVE-2021-3509 A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to a
CVE-2021-3531 A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes

Version: 15.2.7-0ubuntu0.20.10.3 2021-01-27 16:06:24 UTC

  ceph (15.2.7-0ubuntu0.20.10.3) groovy-security; urgency=medium

  * No-change rebuild in security pocket.
  * SECURITY UPDATE: Authorization bypass vulnerability
    - CVE-2020-10736
    - CVE-2020-25660
  * SECURITY UPDATE: Code injection vulnerability
    - CVE-2020-10753

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 20 Jan 2021 19:11:04 +0000
Source diff to previous version
CVE-2020-10736 An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restri
CVE-2020-25660 A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly a
CVE-2020-10753 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS

Version: 15.2.5-0ubuntu1.1 2020-11-02 16:06:42 UTC

  ceph (15.2.5-0ubuntu1.1) groovy-security; urgency=medium

  * Add back missing header file
    - ceph_statx.h actually got renamed to ceph_ll_client.h, so add it
      back to debian/libcephfs-devel.install to fix FTBFS in other
      packages.

 -- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 14:02:11 -0400


About   -   Send Feedback to @ubuntu_updates