UbuntuUpdates.org

Package "libradosstriper1"

Name: libradosstriper1

Description:

RADOS striping interface
Latest version: 17.2.7-0ubuntu0.22.04.2
Release: jammy (22.04)
Level: updates
Repository: main
Head package: ceph
Homepage: http://ceph.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libradosstriper1"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libradosstriper1" in Jammy

Repository Area Version
base main 17.1.0-0ubuntu3
security main 17.2.7-0ubuntu0.22.04.2

Changelog

Version: 17.2.5-0ubuntu0.22.04.3 2023-05-09 19:07:14 UTC

  ceph (17.2.5-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via ceph crash service
    - debian/patches/CVE-2022-3650-1.patch: re-add unused frame in
      handler() in src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-2.patch: fix some flake8 issues in
      src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-3.patch: fix stderr handling in
      src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-4.patch: drop privleges to run as "ceph"
      user, rather than root in src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-5.patch: chown crash files to ceph user
      in qa/workunits/rados/test_crash.sh.
    - debian/patches/CVE-2022-3650-6.patch: log warning if crash directory
      unreadable in src/ceph-crash.in.
    - CVE-2022-3650
  * This also fixes CVE-2022-0670 and CVE-2022-3854 in the -security
    pocket.

 -- Marc Deslauriers <email address hidden> Wed, 19 Apr 2023 18:59:11 -0400
Source diff to previous version
CVE-2022-3650 A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump,
CVE-2022-0670 A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file syste
CVE-2022-3854 A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash

Version: 17.2.5-0ubuntu0.22.04.2 2023-03-28 22:07:09 UTC

  ceph (17.2.5-0ubuntu0.22.04.2) jammy; urgency=medium

  * d/ceph-mgr.install: Add object_format.py to mgr install.
Source diff to previous version

Version: 17.2.0-0ubuntu0.22.04.2 2022-11-16 03:06:55 UTC

  ceph (17.2.0-0ubuntu0.22.04.2) jammy; urgency=medium

  * d/p/lp1986747-fix-osd-class-dir.patch: Partially revert upstream
    change that breaks classpath loading (LP: #1986747).

 -- Chris MacNaughton <email address hidden> Thu, 01 Sep 2022 16:30:32 +0100
Source diff to previous version
1986747 [quincy] invalid osd_class_dir blocks rados client connections

Version: 17.2.0-0ubuntu0.22.04.1 2022-05-24 21:06:23 UTC

  ceph (17.2.0-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release for Ceph Quincy (LP: #1968318):
    - d/p/*: Refresh.
    - d/rules: Disable RADOS Gateway Parquet Object support to avoid
      pulling new dependencies into Ubuntu main.

 -- James Page <email address hidden> Wed, 04 May 2022 10:21:43 +0200
1968318 [sru] ceph 17.2.0 (Quincy) release


About   -   Send Feedback to @ubuntu_updates