
Accepted ceph 10.2.11-2+deb9u1 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Aug 2021 17:05:21 +0200
Source: ceph
Binary: ceph ceph-base rbd-mirror rbd-nbd ceph-common ceph-mds ceph-mon ceph-osd ceph-fuse rbd-fuse ceph-fs-common ceph-resource-agents librados2 librados-dev libradosstriper1 libradosstriper-dev librbd1 librbd-dev libcephfs1 libcephfs-dev librgw2 librgw-dev radosgw ceph-test python-ceph python-rados python-rbd python-cephfs libcephfs-java libcephfs-jni
Architecture: source
Version: 10.2.11-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Ceph Maintainers <ceph-maintainers@lists.ceph.com>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 ceph       - distributed storage and file system
 ceph-base  - common ceph daemon libraries and management tools
 ceph-common - common utilities to mount and interact with a ceph storage cluste
 ceph-fs-common - common utilities to mount and interact with a ceph file system
 ceph-fuse  - FUSE-based client for the Ceph distributed file system
 ceph-mds   - metadata server for the ceph distributed file system
 ceph-mon   - monitor server for the ceph storage system
 ceph-osd   - OSD server for the ceph storage system
 ceph-resource-agents - OCF-compliant resource agents for Ceph
 ceph-test  - Ceph test and benchmarking tools
 libcephfs-dev - Ceph distributed file system client library (development files)
 libcephfs-java - Java library for the Ceph File System
 libcephfs-jni - Java Native Interface library for CephFS Java bindings
 libcephfs1 - Ceph distributed file system client library
 librados-dev - RADOS distributed object store client library (development files)
 librados2  - RADOS distributed object store client library
 libradosstriper-dev - RADOS striping interface (development files)
 libradosstriper1 - RADOS striping interface
 librbd-dev - RADOS block device client library (development files)
 librbd1    - RADOS block device client library
 librgw-dev - RADOS client library (development files)
 librgw2    - RADOS Gateway client library
 python-ceph - Meta-package for python libraries for the Ceph libraries
 python-cephfs - Python libraries for the Ceph libcephfs library
 python-rados - Python libraries for the Ceph librados library
 python-rbd - Python libraries for the Ceph librbd library
 radosgw    - REST gateway for RADOS distributed object store
 rbd-fuse   - FUSE-based rbd client for the Ceph distributed file system
 rbd-mirror - Ceph daemon for mirroring RBD images
 rbd-nbd    - NBD-based rbd client for the Ceph distributed file system
Changes:
 ceph (10.2.11-2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-14662:
     Authenticated ceph users with read only permissions could steal dm-crypt
     encryption keys used in ceph disk encryption.
   * Fix CVE-2018-16846:
     Authenticated ceph RGW users can cause a denial of service against OMAPs
     holding bucket indices.
   * Fix CVE-2020-10753:
     A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway).
     The vulnerability is related to the injection of HTTP headers via a CORS
     ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS
     configuration file generates a header injection in the response when the
     CORS request is made.
   * Fix CVE-2020-1760:
     A flaw was found in the Ceph Object Gateway, where it supports requests sent
     by an anonymous user in Amazon S3. This flaw could lead to potential XSS
     attacks due to the lack of proper neutralization of untrusted input.
   * A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway)
     in versions before 14.2.21. The vulnerability is related to the injection of
     HTTP headers via a CORS ExposeHeader tag. The newline character in the
     ExposeHeader tag in the CORS configuration file generates a header injection
     in the response when the CORS request is made. In addition, the prior bug fix
     for CVE-2020-10753 did not account for the use of \r as a header separator,
     thus a new flaw has been created.
Checksums-Sha1:
 3fc6ce604ec8c6c7a8a319cb8cafaf09c808679f 4785 ceph_10.2.11-2+deb9u1.dsc
 2d5d73532ea3f2cf7d8da10e796f068398d865df 15063671 ceph_10.2.11.orig.tar.gz
 6c67f847e392402d2c459827388b24417dd19ac7 58908 ceph_10.2.11-2+deb9u1.debian.tar.xz
 b876d902fb043b76f87c6d44015bc47e61550042 31298 ceph_10.2.11-2+deb9u1_amd64.buildinfo
Checksums-Sha256:
 be1ee51231a7da68df63fd48b3b5d9c83bf600710de0ab8cacef3eb5f65ae4ea 4785 ceph_10.2.11-2+deb9u1.dsc
 91c7dd7c3c6b39c4f82cdfae3379e3562b18d6bcda6ea9423649272b0d90d7fd 15063671 ceph_10.2.11.orig.tar.gz
 d50e0db2db9980cbafb00cae8a6164c443c4bc3f6c045fc1bdb13ef54aa9237e 58908 ceph_10.2.11-2+deb9u1.debian.tar.xz
 da0522ae7c4560a30f61fbf395de0efa80fb1cd95e82a4c40cde2fb0984509ff 31298 ceph_10.2.11-2+deb9u1_amd64.buildinfo
Files:
 5eb1420cce4e7477d7f273b7cf360a75 4785 admin optional ceph_10.2.11-2+deb9u1.dsc
 09d18eb8d8d06893e9496657f03427a0 15063671 admin optional ceph_10.2.11.orig.tar.gz
 3d9d84f35f0eaf7335484f0480e68f68 58908 admin optional ceph_10.2.11-2+deb9u1.debian.tar.xz
 8a2a3e45ba0e830cf1e8dc43a294b339 31298 admin optional ceph_10.2.11-2+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

