Package "radosgw-dbg"
Name: |
radosgw-dbg
|
Description: |
debugging symbols for radosgw
|
Latest version: |
10.2.11-0ubuntu0.16.04.3 |
Release: |
xenial (16.04) |
Level: |
security |
Repository: |
main |
Head package: |
ceph |
Homepage: |
http://ceph.com/ |
Links
Download "radosgw-dbg"
Other versions of "radosgw-dbg" in Xenial
Changelog
ceph (10.2.11-0ubuntu0.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: XSS attacks
- debian/patches/CVE-2020-1760-1.patch: reject unauthenticated
response-header actions in src/rgw/rgw_rest_s3.cc.
- debian/patches/CVE-2020-1760-2.patch: change EPERM to
ERR_INVALID_REQUEST in src/rgw/rgw_rest_s3.cc.
- debian/patches/CVE-2020-1760-3.patch: reject control characters in
response-header actions in src/rgw/rgw_rest_s3.cc.
- CVE-2020-1760
* SECURITY UPDATE: HTTP header injection
- debian/patches/CVE-2020-10753.patch: sanitize newlines in
src/rgw/rgw_cors.cc.
- CVE-2020-10753
-- Marc Deslauriers <email address hidden> Wed, 09 Sep 2020 08:57:28 -0400
|
Source diff to previous version |
CVE-2020-1760 |
header-splitting in RGW GetObject has a possible XSS |
CVE-2020-10753 |
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS |
|
ceph (10.2.11-0ubuntu0.16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect permissions on dm-crypt keys
- debian/patches/CVE-2018-14662.patch: limit caps allowed to access the
store in qa/suites/rados/singleton/all/mon-config-key-caps.yaml,
qa/workunits/mon/test_config_key_caps.sh, src/mon/MonCap.cc.
- CVE-2018-14662
* SECURITY UPDATE: DoS against OMAPs holding bucket indices
- debian/patches/CVE-2018-16846-pre1.patch: enforce bounds on
max-keys/max-uploads/max-parts in src/rgw/rgw_op.cc,
src/rgw/rgw_op.h, src/rgw/rgw_rest.cc, src/rgw/rgw_rest_swift.cc,
src/common/config_opts.h.
- debian/patches/CVE-2018-16846.patch: fix issues with 'enforce bounds'
patch in src/rgw/rgw_op.cc, src/rgw/rgw_op.h, src/rgw/rgw_rest.cc.
- CVE-2018-16846
-- Marc Deslauriers <email address hidden> Wed, 29 May 2019 12:06:34 -0400
|
CVE-2018-14662 |
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph d |
CVE-2018-16846 |
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. |
|
About
-
Send Feedback to @ubuntu_updates