Package "ceph-resource-agents"

Name: ceph-resource-agents


OCF-compliant resource agents for Ceph

Latest version: 0.80.11-0ubuntu1.14.04.3
Release: trusty (14.04)
Level: security
Repository: universe
Head package: ceph
Homepage: http://ceph.com/


Download "ceph-resource-agents"

Other versions of "ceph-resource-agents" in Trusty

Repository Area Version
base universe 0.79-0ubuntu1
updates universe 0.80.11-0ubuntu1.14.04.4


Version: 0.80.11-0ubuntu1.14.04.3 2017-10-11 14:06:57 UTC

  ceph (0.80.11-0ubuntu1.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS in handle_command function
    - debian/patches/CVE-2016-5009.patch: validate prefix in
      src/mon/Monitor.cc, add test to src/test/librados/cmd.cc.
    - CVE-2016-5009
  * SECURITY UPDATE: anonymouse user bucket contents list via a URL
    - debian/patches/CVE-2016-7031.patch: check ACLs in
      src/rgw/rgw_acl_s3.cc, src/rgw/rgw_op.cc.
    - CVE-2016-7031
  * SECURITY UPDATE: DoS via POST object with null conditions
    - debian/patches/CVE-2016-8626.patch: handle empty POST condition in
    - CVE-2016-8626
  * SECURITY UPDATE: DoS via request with invalid HTTP Origin header
    - debian/patches/CVE-2016-9579.patch: do not abort on short origin in
    - CVE-2016-9579

 -- Marc Deslauriers <email address hidden> Mon, 25 Sep 2017 16:44:20 -0400

CVE-2016-5009 The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph mon
CVE-2016-7031 The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL
CVE-2016-8626 RGW Denial of Service by sending POST object with null conditions
CVE-2016-9579 RGW server DoS via request with invalid HTTP Origin header

About   -   Send Feedback to @ubuntu_updates