[ubuntu/bionic-security] ceph 12.2.13-0ubuntu0.18.04.4 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Sep 22 11:09:36 UTC 2020
ceph (12.2.13-0ubuntu0.18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: XSS attacks
- debian/patches/CVE-2020-1760-1.patch: reject unauthenticated
response-header actions in src/rgw/rgw_rest_s3.cc.
- debian/patches/CVE-2020-1760-2.patch: change EPERM to
ERR_INVALID_REQUEST in src/rgw/rgw_rest_s3.cc.
- debian/patches/CVE-2020-1760-3.patch: reject control characters in
response-header actions in src/rgw/rgw_rest_s3.cc.
- CVE-2020-1760
* SECURITY UPDATE: HTTP header injection
- debian/patches/CVE-2020-10753.patch: sanitize newlines in
src/rgw/rgw_cors.cc.
- CVE-2020-10753
* SECURITY UPDATE: DoS via invalid tagging XML
- debian/patches/CVE-2020-12059.patch: check for tagging element in
src/rgw/rgw_rest_s3.cc.
- CVE-2020-12059
ceph (12.2.13-0ubuntu0.18.04.3) bionic; urgency=medium
* d/p/bug1868364.patch: fix rgw unable to abort multipart upload after
the bucket got resharded (LP: #1868364).
ceph (12.2.13-0ubuntu0.18.04.2) bionic; urgency=medium
* d/p/bug1871820.patch: Revert change in default concurrency for
rocksdb background compactions to avoid potential data loss
(LP: #1871820).
ceph (12.2.13-0ubuntu0.18.04.1) bionic; urgency=medium
* New upstream point release (LP: #1861793).
* d/p/bug1847544.patch,ceph-volume-wait-for-lvs.patch,dont-validate-fs-
caps-on-authorize.patch,issue37490.patch,issue38454.patch,rgw-gc-use-
aio.patch: Drop, all included in upstream release.
* d/p/*: Refresh as needed.
* d/p/bug1804261.patch: Cherry pick fix to ensure that ceph-volume
tries and interval environment variables are converted to int
(LP: #1804261).
Date: 2020-09-11 15:03:15.337656+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ceph/12.2.13-0ubuntu0.18.04.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list