Package "ceph"

Name: ceph


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • common utilities to mount and interact with a ceph file system
  • debugging symbols for ceph-fs-common
  • metadata server for the ceph distributed file system
  • debugging symbols for ceph-mds

Latest version: 0.80.11-0ubuntu1.14.04.3
Release: trusty (14.04)
Level: security
Repository: universe


Other versions of "ceph" in Trusty

Repository Area Version
base main 0.79-0ubuntu1
base universe 0.79-0ubuntu1
security main 0.80.11-0ubuntu1.14.04.3
updates universe 0.80.11-0ubuntu1.14.04.4
updates main 0.80.11-0ubuntu1.14.04.4

Packages in group

Deleted packages are displayed in grey.


Version: 0.80.11-0ubuntu1.14.04.3 2017-10-11 14:06:57 UTC

  ceph (0.80.11-0ubuntu1.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS in handle_command function
    - debian/patches/CVE-2016-5009.patch: validate prefix in
      src/mon/Monitor.cc, add test to src/test/librados/cmd.cc.
    - CVE-2016-5009
  * SECURITY UPDATE: anonymouse user bucket contents list via a URL
    - debian/patches/CVE-2016-7031.patch: check ACLs in
      src/rgw/rgw_acl_s3.cc, src/rgw/rgw_op.cc.
    - CVE-2016-7031
  * SECURITY UPDATE: DoS via POST object with null conditions
    - debian/patches/CVE-2016-8626.patch: handle empty POST condition in
    - CVE-2016-8626
  * SECURITY UPDATE: DoS via request with invalid HTTP Origin header
    - debian/patches/CVE-2016-9579.patch: do not abort on short origin in
    - CVE-2016-9579

 -- Marc Deslauriers <email address hidden> Mon, 25 Sep 2017 16:44:20 -0400

CVE-2016-5009 The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph mon
CVE-2016-7031 The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL
CVE-2016-8626 RGW Denial of Service by sending POST object with null conditions
CVE-2016-9579 RGW server DoS via request with invalid HTTP Origin header

About   -   Send Feedback to @ubuntu_updates