[ubuntu/bionic-updates] ceph 12.2.13-0ubuntu0.18.04.4 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Sep 22 11:58:30 UTC 2020
ceph (12.2.13-0ubuntu0.18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: XSS attacks
- debian/patches/CVE-2020-1760-1.patch: reject unauthenticated
response-header actions in src/rgw/rgw_rest_s3.cc.
- debian/patches/CVE-2020-1760-2.patch: change EPERM to
ERR_INVALID_REQUEST in src/rgw/rgw_rest_s3.cc.
- debian/patches/CVE-2020-1760-3.patch: reject control characters in
response-header actions in src/rgw/rgw_rest_s3.cc.
- CVE-2020-1760
* SECURITY UPDATE: HTTP header injection
- debian/patches/CVE-2020-10753.patch: sanitize newlines in
src/rgw/rgw_cors.cc.
- CVE-2020-10753
* SECURITY UPDATE: DoS via invalid tagging XML
- debian/patches/CVE-2020-12059.patch: check for tagging element in
src/rgw/rgw_rest_s3.cc.
- CVE-2020-12059
Date: 2020-09-11 15:03:15.337656+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/ceph/12.2.13-0ubuntu0.18.04.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list