Package "libcephfs2"
Name: libcephfs2
Description: Ceph distributed file system client library
Latest version: 15.2.17-0ubuntu0.20.04.6
Release: focal (20.04)
Level: security
Repository: main
Head package: ceph
Homepage: http://ceph.com/
Changelog
ceph (15.2.17-0ubuntu0.20.04.6) focal-security; urgency=medium
* SECURITY UPDATE: Improper bucket validation in POST requests
- debian/patches/CVE-2023-43040.patch: rgw: Fix bucket validation against POST policies
- CVE-2023-43040
-- Nick Galanis <email address hidden> Thu, 11 Jan 2024 12:26:21 +0000
ceph (15.2.17-0ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: privilege escalation via ceph crash service
- debian/patches/CVE-2022-3650-2.patch: fix some flake8 issues in
src/ceph-crash.in.
- debian/patches/CVE-2022-3650-3.patch: fix stderr handling in
src/ceph-crash.in.
- debian/patches/CVE-2022-3650-4.patch: drop privileges to run as "ceph"
user, rather than root in src/ceph-crash.in.
- debian/patches/CVE-2022-3650-5.patch: chown crash files to ceph user
in qa/workunits/rados/test_crash.sh.
- debian/patches/CVE-2022-3650-6.patch: log warning if crash directory
unreadable in src/ceph-crash.in.
- CVE-2022-3650
* This also fixes CVE-2021-3979 and CVE-2022-0670 in the -security
pocket.
-- Marc Deslauriers <email address hidden> Wed, 19 Apr 2023 19:05:07 -0400
CVE-2022-3650
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump,
CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algo
CVE-2022-0670
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file syste

ceph (15.2.12-0ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: New upstream release (LP: #1929179):
- CVE-2021-3509: Dashboard XSS via token cookie.
- CVE-2021-3531: Swift API denial of service.
- CVE-2021-3531: HTTP header injects via CORS in RGW.
-- James Page <email address hidden> Mon, 24 May 2021 16:07:20 +0100
1929179
[SRU] ceph 15.2.12
CVE-2021-3509
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to a
CVE-2021-3531
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes

ceph (15.2.7-0ubuntu0.20.04.2) focal-security; urgency=medium
* No-change rebuild in security pocket.
* SECURITY UPDATE: Authorization bypass vulnerability
- CVE-2020-10736
- CVE-2020-25660
* SECURITY UPDATE: Code injection vulnerability
- CVE-2020-10753
-- Paulo Flabiano Smorigo <email address hidden> Wed, 20 Jan 2021 19:09:07 +0000
CVE-2020-10736
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restri
CVE-2020-25660
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly a
CVE-2020-10753
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS