UbuntuUpdates.org

Package "ceph"

Name: ceph

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • FUSE-based client for the Ceph distributed file system
  • Ceph daemon for immutable object cache
  • cephadm orchestrator module for ceph-mgr
  • dashboard module for ceph-mgr

Latest version: 15.2.13-0ubuntu0.20.10.1
Release: groovy (20.10)
Level: updates
Repository: universe

Links



Other versions of "ceph" in Groovy

Repository Area Version
base universe 15.2.5-0ubuntu1
base main 15.2.5-0ubuntu1
security main 15.2.12-0ubuntu0.20.10.1
security universe 15.2.12-0ubuntu0.20.10.1
updates main 15.2.13-0ubuntu0.20.10.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 15.2.13-0ubuntu0.20.10.1 2021-07-13 18:06:22 UTC

  ceph (15.2.13-0ubuntu0.20.10.1) groovy; urgency=medium

  * New upstream release (LP: #1933410).

 -- James Page <email address hidden> Fri, 25 Jun 2021 10:02:19 +0100

Source diff to previous version
1933410 [SRU] ceph 15.2.13

Version: 15.2.12-0ubuntu0.20.10.1 2021-06-25 02:06:30 UTC

  ceph (15.2.12-0ubuntu0.20.10.1) groovy-security; urgency=medium

  * SECURITY UPDATE: New upstream release (LP: #1929179):
    - CVE-2021-3509: Dashboard XSS via token cookie.
    - CVE-2021-3531: Swift API denial of service.
    - CVE-2021-3531: HTTP header injects via CORS in RGW.

 -- James Page <email address hidden> Mon, 24 May 2021 16:05:29 +0100

Source diff to previous version
1929179 [SRU] ceph 15.2.12
CVE-2021-3509 A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to a
CVE-2021-3531 A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes

Version: 15.2.11-0ubuntu0.20.10.2 2021-05-20 09:06:24 UTC

  ceph (15.2.11-0ubuntu0.20.10.2) groovy; urgency=medium

  * d/p/bug1914584.patch: Drop as this patch does not fix the
    actual issue.

Source diff to previous version

Version: 15.2.8-0ubuntu0.20.10.1 2021-03-01 13:06:28 UTC

  ceph (15.2.8-0ubuntu0.20.10.1) groovy; urgency=medium

  [ Chris MacNaughton ]
  * New upstream point release (LP: #1912355):
    - d/cephadm.install, d/librgw-dev.install, d/librgw2.install: Upstream
      point release removes files that were being installed.
    - d/rules: Remove installation of /etc/sudoers.d/cephadm as it is
      removed upstream.
  * d/p/disable-log-slow-requests.patch: Remove logging every slow request
    details to monitors LP: #1909162).

  [ Ponnuvel Palaniyappan ]
  * d/p/bug1911900-fix-scrub-blocking-balancer.patch:
    Prevent scrub from stopping balancer (LP: #1911900)

 -- Ponnuvel Palaniyappan <email address hidden> Thu, 04 Feb 2021 11:18:13 +0000

Source diff to previous version
1912355 [SRU] Ceph 15.2.8
1909162 cluster log slow request spam
1911900 [SRU] Active scrub blocks upmap balancer

Version: 15.2.7-0ubuntu0.20.10.3 2021-01-27 16:06:24 UTC

  ceph (15.2.7-0ubuntu0.20.10.3) groovy-security; urgency=medium

  * No-change rebuild in security pocket.
  * SECURITY UPDATE: Authorization bypass vulnerability
    - CVE-2020-10736
    - CVE-2020-25660
  * SECURITY UPDATE: Code injection vulnerability
    - CVE-2020-10753

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 20 Jan 2021 19:11:04 +0000

CVE-2020-10736 An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restri
CVE-2020-25660 A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly a
CVE-2020-10753 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS



About   -   Send Feedback to @ubuntu_updates