UbuntuUpdates.org

Package "ceph-test"

Name: ceph-test

Description:

Ceph test and benchmarking tools

Latest version: 0.80.11-0ubuntu1.14.04.3
Release: trusty (14.04)
Level: security
Repository: universe
Head package: ceph
Homepage: http://ceph.com/

Links


Download "ceph-test"


Other versions of "ceph-test" in Trusty

Repository Area Version
base universe 0.79-0ubuntu1
updates universe 0.80.11-0ubuntu1.14.04.4

Changelog

Version: 0.80.11-0ubuntu1.14.04.3 2017-10-11 14:06:57 UTC

  ceph (0.80.11-0ubuntu1.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS in handle_command function
    - debian/patches/CVE-2016-5009.patch: validate prefix in
      src/mon/Monitor.cc, add test to src/test/librados/cmd.cc.
    - CVE-2016-5009
  * SECURITY UPDATE: anonymouse user bucket contents list via a URL
    - debian/patches/CVE-2016-7031.patch: check ACLs in
      src/rgw/rgw_acl_s3.cc, src/rgw/rgw_op.cc.
    - CVE-2016-7031
  * SECURITY UPDATE: DoS via POST object with null conditions
    - debian/patches/CVE-2016-8626.patch: handle empty POST condition in
      src/rgw/rgw_policy_s3.cc.
    - CVE-2016-8626
  * SECURITY UPDATE: DoS via request with invalid HTTP Origin header
    - debian/patches/CVE-2016-9579.patch: do not abort on short origin in
      src/rgw/rgw_cors.cc.
    - CVE-2016-9579

 -- Marc Deslauriers <email address hidden> Mon, 25 Sep 2017 16:44:20 -0400

CVE-2016-5009 The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph mon
CVE-2016-7031 The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL
CVE-2016-8626 RGW Denial of Service by sending POST object with null conditions
CVE-2016-9579 RGW server DoS via request with invalid HTTP Origin header



About   -   Send Feedback to @ubuntu_updates