REST gateway for RADOS distributed object store
Other versions of "radosgw" in Hirsute
ceph (16.2.4-0ubuntu0.21.04.1) hirsute; urgency=medium
[ Chris MacNaughton ]
* d/ceph-base.install: Remove ceph-deploy man page installation
[ James Page ]
* SECURITY UPDATE: New upstream release (LP: #1928645):
- CVE-2021-3509: Dashboard XSS via token cookie.
- CVE-2021-3531: Swift API denial of service.
- CVE-2021-3531: HTTP header injects via CORS in RGW.
- d/p/bug1925347.patch: Drop, included in release.
-- James Page <email address hidden> Thu, 27 May 2021 06:18:16 +0100
|Source diff to previous version|
||ceph 15.2.3-0ubuntu0.20.04.2 collides with ceph-deploy 2.0.1-0ubuntu1
||[SRU] ceph 16.2.4
||A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to a
||A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes
ceph (16.2.1-0ubuntu0.21.04.1) hirsute-proposed; urgency=medium
* SECURITY UPDATE: New upstream point release (LP: #1925322):
* d/rules: remove temporary build objects after install to avoid
running out of disk space during package builds.
* d/p/bug1925347.patch: Cherry pick fix to revert ProtectClock
permissions change in systemd configurations which prevents the
ceph-osd process from starting (LP: #1925347).
-- James Page <email address hidden> Thu, 22 Apr 2021 10:21:35 +0100
||[SRU] ceph 16.2.1
||ceph-osd fails to start with ProtectClock=true
||An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitiz
Send Feedback to @ubuntu_updates