UbuntuUpdates.org

Package "ceph"

Name: ceph

Description:

distributed storage and file system
Latest version: 17.2.7-0ubuntu0.22.04.1
Release: jammy (22.04)
Level: updates
Repository: main
Homepage: http://ceph.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ceph"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ceph" in Jammy

Repository Area Version
base main 17.1.0-0ubuntu3
base universe 17.1.0-0ubuntu3
security main 17.2.6-0ubuntu0.22.04.3
security universe 17.2.6-0ubuntu0.22.04.3
updates universe 17.2.7-0ubuntu0.22.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 17.2.7-0ubuntu0.22.04.1 2024-03-20 09:07:12 UTC

  ceph (17.2.7-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream point release (LP: #2043336):
    - d/p/fix-lvm-devices.patch: Cherry pick committed fix for issues
      using LVM PV/LV for OSDs introduced in 17.2.7 release.
    - d/p/patch-out-exporter.patch: Refresh for new release.
    - d/p/CVE-2023-43040.patch: Drop, included in release.

 -- Luciano Lo Giudice <email address hidden> Thu, 08 Feb 2024 11:33:49 +0000
Source diff to previous version
2043336 [SRU] ceph 17.2.7 point release
CVE-2023-43040 Improperly verified POST keys

Version: 17.2.6-0ubuntu0.22.04.3 2024-01-29 14:09:48 UTC

  ceph (17.2.6-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Improper bucket validation in POST requests
    - debian/patches/CVE-2023-43040.patch: rgw: Fix bucket validation against POST policies
    - CVE-2023-43040

 -- Nick Galanis <email address hidden> Thu, 11 Jan 2024 12:26:46 +0000
Source diff to previous version
CVE-2023-43040 Improperly verified POST keys

Version: 17.2.6-0ubuntu0.22.04.2 2023-11-22 06:09:07 UTC

  ceph (17.2.6-0ubuntu0.22.04.2) jammy; urgency=medium

  [ Peter Sabaini]
  * Create package for the cephfs-mirror tool (LP: #2003704).

 -- Luciano Lo Giudice <email address hidden> Thu, 31 Aug 2023 22:44:27 +0000
Source diff to previous version
2003704 RFE: missing cephfs-mirror

Version: 17.2.6-0ubuntu0.22.04.1 2023-07-27 20:07:05 UTC

  ceph (17.2.6-0ubuntu0.22.04.1) jammy; urgency=medium

  [ Luciano Lo Giudice ]
  * New upstream point release (LP: #2018929).
  * d/p/*: Refresh.

  [ Peter Sabaini ]
  * Fix: add the mgr.nfs package to the core modules (LP: #2003530).

  [ James Page ]
  * d/p/32bit-fixes.patch: rework size_t usage to avoid FTBFS on 32 bit
    architectures.
  * d/p/CVE-2022-*: Drop security related patches, included in release.

 -- Luciano Lo Giudice <email address hidden> Fri, 26 May 2023 15:42:09 +0100
Source diff to previous version
2018929 [SRU] ceph 17.2.6
2003530 Rook mgr module crashes due to missing mgr.nfs

Version: 17.2.5-0ubuntu0.22.04.3 2023-05-09 19:07:14 UTC

  ceph (17.2.5-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via ceph crash service
    - debian/patches/CVE-2022-3650-1.patch: re-add unused frame in
      handler() in src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-2.patch: fix some flake8 issues in
      src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-3.patch: fix stderr handling in
      src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-4.patch: drop privleges to run as "ceph"
      user, rather than root in src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-5.patch: chown crash files to ceph user
      in qa/workunits/rados/test_crash.sh.
    - debian/patches/CVE-2022-3650-6.patch: log warning if crash directory
      unreadable in src/ceph-crash.in.
    - CVE-2022-3650
  * This also fixes CVE-2022-0670 and CVE-2022-3854 in the -security
    pocket.

 -- Marc Deslauriers <email address hidden> Wed, 19 Apr 2023 18:59:11 -0400
CVE-2022-3650 A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump,
CVE-2022-0670 A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file syste
CVE-2022-3854 A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash


About   -   Send Feedback to @ubuntu_updates