[ubuntu/bionic-security] ceph 12.2.13-0ubuntu0.18.04.4 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Sep 22 11:09:36 UTC 2020

ceph (12.2.13-0ubuntu0.18.04.4) bionic-security; urgency=medium

    - debian/patches/CVE-2020-1760-1.patch: reject unauthenticated
      response-header actions in src/rgw/rgw_rest_s3.cc.
    - debian/patches/CVE-2020-1760-2.patch: change EPERM to
      ERR_INVALID_REQUEST in src/rgw/rgw_rest_s3.cc.
    - debian/patches/CVE-2020-1760-3.patch: reject control characters in
      response-header actions in src/rgw/rgw_rest_s3.cc.
    - CVE-2020-1760
  * SECURITY UPDATE: HTTP header injection
    - debian/patches/CVE-2020-10753.patch: sanitize newlines in
    - CVE-2020-10753
  * SECURITY UPDATE: DoS via invalid tagging XML
    - debian/patches/CVE-2020-12059.patch: check for tagging element in
    - CVE-2020-12059

ceph (12.2.13-0ubuntu0.18.04.3) bionic; urgency=medium

  * d/p/bug1868364.patch: fix rgw unable to abort multipart upload after
    the bucket got resharded (LP: #1868364).

ceph (12.2.13-0ubuntu0.18.04.2) bionic; urgency=medium

  * d/p/bug1871820.patch: Revert change in default concurrency for
    rocksdb background compactions to avoid potential data loss
    (LP: #1871820).

ceph (12.2.13-0ubuntu0.18.04.1) bionic; urgency=medium

  * New upstream point release (LP: #1861793).
  * d/p/bug1847544.patch,ceph-volume-wait-for-lvs.patch,dont-validate-fs-
    aio.patch: Drop, all included in upstream release.
  * d/p/*: Refresh as needed.
  * d/p/bug1804261.patch: Cherry pick fix to ensure that ceph-volume
    tries and interval environment variables are converted to int
    (LP: #1804261).

Date: 2020-09-11 15:03:15.337656+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list