Download
| Alert*
|
oval:org.secpod.oval:def:53465
The update for ceph issued as DSA-4339-1 caused a build regression for the i386 builds. Updated packages are now available to address this issue. For reference, the original advisory text follows. Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system: The cephx auth ... oval:org.secpod.oval:def:113771 ceph is installed oval:org.secpod.oval:def:603572 The update for ceph issued as DSA-4339-1 caused a build regression for the i386 builds. Updated packages are now available to address this issue. For reference, the original advisory text follows. Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system: The cephx auth ... oval:org.secpod.oval:def:57443 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:89002231 This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-7262: rgw: malformed http headers can crash rgw . - CVE-2017-16818: User reachable asserts allow for DoS . Bug fixes: - bsc#1061461: OSDs keep generating coredumps after adding new OSD node to cluster. - bsc#1079076: ... oval:org.secpod.oval:def:89002073 This update for ceph fixes the following issues: - Update to version 12.2.7-420-gc0ef85b854: * https://ceph.com/releases/12-2-7-luminous-released/ * luminous: osd: eternal stuck PG in "unfound_recovery" * bluestore: db.slow used when db is not full * CVE-2018-10861: Ensure that ceph-mon does perfo ... oval:org.secpod.oval:def:703859 ceph is installed oval:org.secpod.oval:def:89003176 This update for ceph to version 12.2.12-594-g02236657ca fixes the following issues: Security issues fixed: - CVE-2018-16889: Fixed missing sanitation of customer encryption keys from log output in v4 auth oval:org.secpod.oval:def:89003088 This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-14662: mon: limit caps allowed to access the config store - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth ... oval:org.secpod.oval:def:703842 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:52890 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:116004 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:603569 Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system: The cephx authentication protocol was suspectible to replay attacks and calculated signatures incorrectly, ceph mon did not validate capabilities for pool operations and a format string vulnerability in librado ... oval:org.secpod.oval:def:53462 Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system: The cephx authentication protocol was suspectible to replay attacks and calculated signatures incorrectly, "ceph mon" did not validate capabilities for pool operations and a format string vulnerabilit ... oval:org.secpod.oval:def:89050272 This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHX_V2 authorizer challenges . - Major batch refactor of ceph-volume that addresses a couple of issues - Documented Prometheus" security model - monclient: Fixed an issue where executing several ceph commands in a shor ... oval:org.secpod.oval:def:89050312 This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHX_V2 authorizer challenges . - Added --container-init feature - Made journald as the logdriver again - Fixes a condition check for copy_tree, copy_files, and move_files in cephadm - Fixed a bug where device_health_m ... oval:org.secpod.oval:def:1900024 Resource exhaustion via TCP connection to port serving the SSL endpoint oval:org.secpod.oval:def:55664 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:89050751 This update for ceph fixes the following issues: Security issues fixed: - CVE-2019-3821: civetweb: fix file descriptor leak - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth Non-security issues fixed: - install grafana dashboards world readable - upgrade results ... oval:org.secpod.oval:def:89050759 This update for ceph version 13.2.4 fixes the following issues: Security issues fixed: - CVE-2018-14662: Fixed an issue with LUKS "config-key" safety - CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon - CVE-2018-1128: Fixed signature check bypass in cephx - CVE-2018-1129: ... oval:org.secpod.oval:def:114901 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:114811 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:89050255 This update for ceph fixes the following issues: - CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag . oval:org.secpod.oval:def:70355 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:89050452 This update for ceph fixes the following issues: - CVE-2020-1759: Fixed once reuse in msgr V2 secure mode - CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting . oval:org.secpod.oval:def:70127 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:89002962 This update for ceph fixes the following issues: - CVE-2020-12059: Fixed a denial of service caused by a specially crafted XML payload on POST requests . oval:org.secpod.oval:def:70233 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:89002949 This update for ceph fixes the following issues: - CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting . oval:org.secpod.oval:def:89050356 This update for ceph fixes the following issues: - CVE-2020-1700: Fixed a denial of service against the RGW server via connection leakage . - CVE-2020-1699: Fixed a information disclosure by improper URL checking . oval:org.secpod.oval:def:62248 ceph: distributed storage and file system Ceph could be made to stop responding if it received specially crafted network traffic. oval:org.secpod.oval:def:89050850 This update for ceph fixes the following issues: Security issue fixed: - CVE-2019-10222: Fixed RGW crash via unauthenticated clients . oval:org.secpod.oval:def:117131 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:89050536 This update for ceph, ceph-iscsi and ses-manual_en fixes the following issues: Security issues fixed: - CVE-2019-10222: Fixed RGW crash caused by unauthenticated clients. Non-security issues-fixed: - ceph-volume: prints errors to stdout with --format json - mgr/dashboard: Changing rgw-api-host doe ... oval:org.secpod.oval:def:58861 ceph: distributed storage and file system Ceph could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:705149 ceph: distributed storage and file system Ceph could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:118168 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:114135 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:113770 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:1900118 Ceph does not properly sanitize encryption keys in debug logging for v4auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. oval:org.secpod.oval:def:705641 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:66848 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:2000056 It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. oval:org.secpod.oval:def:50979 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:2001565 It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. oval:org.secpod.oval:def:705037 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:89048052 This update for ceph fixes the following issues: ceph was updated to the Pacific release : + rgw: check bucket shard init status in RGWRadosBILogTrimCR + ceph-volume: honour osd_dmcrypt_key_size option + Remove last vestiges of docker.io image paths + cephadm: prometheus: The generatorURL in al ... oval:org.secpod.oval:def:708129 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:91755 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:3300643 SUSE Security Update: Security update for ceph oval:org.secpod.oval:def:708364 ceph: distributed storage and file system Ceph could be made to run programs as an administrator. oval:org.secpod.oval:def:89048658 This update for ceph fixes the following issues: Security issues fixed: * CVE-2022-0670: Fixed user/tenant read/write access to an entire file system . * CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root . * CVE-2022-3854: Fixed possible DoS issue in ceph URL pro ... oval:org.secpod.oval:def:89902 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:89901 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:125354 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:89047789 This update for ceph fixes the following issues: - Update to 16.2.9-536-g41a9f9a5573: + rgw: check bucket shard init status in RGWRadosBILogTrimCR + ceph-volume: honour osd_dmcrypt_key_size option - Update to 16.2.9-158-gd93952c7eea: + cmake: check for python\. when building boost + make-dist: pa ... oval:org.secpod.oval:def:73712 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:120229 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:706200 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:120239 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:89050428 This update for ceph fixes the following issues: Security issue fixed: - CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface . Non-security issues fixed: - Update to 15.2.8-80-g1f4b6229ca: + Rebase on tip of upstream "octopus" branch, SHA1 bdf3eebcd22d7d0b3dd4d55 ... oval:org.secpod.oval:def:75795 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:89044269 This update for ceph fixes the following issues: - ceph was updated to 14.2.20-402-g6aa76c6815: * CVE-2021-20288: Fixed unauthorized global_id reuse . * CVE-2020-25678: Do not add sensitive information in Ceph log files . * CVE-2020-27839: Use secure cookies to store JWT Token . * mgr/dashboard: pro ... oval:org.secpod.oval:def:89047254 This update for ceph fixes the following issues: - ceph was updated to 15.2.11-83-g8a15f484c2: * CVE-2021-20288: Fixed unauthorized global_id reuse . * disk gets replaced with no rocksdb/wal . * BlueStore handles huge writes from RocksDB to BlueFS poorly, potentially causing data corruption . oval:org.secpod.oval:def:120240 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:89047173 This update for ceph fixes the following issues: - Update to 15.2.12-83-g528da226523: - fix cookie injection issue - RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name - sanitize \r in s3 CORSConfiguration's ExposeHeader oval:org.secpod.oval:def:708729 ceph: distributed storage and file system Ceph could be made to bypass authorization checks if it received a specially crafted request. oval:org.secpod.oval:def:98685 ceph: distributed storage and file system Ceph could be made to bypass authorization checks if it received a specially crafted request. |
