[ubuntu/bionic-security] ceph 12.2.13-0ubuntu0.18.04.10 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Nov 1 19:11:22 UTC 2021 

ceph (12.2.13-0ubuntu0.18.04.10) bionic-security; urgency=medium

  * SECURITY UPDATE: user credentials issue
    - debian/patches/CVE-2020-27781-1.patch: fix PEP-8 SyntaxWarning in
      src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-2.patch: disallow authorize auth_id in
      src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-3.patch: preserve existing caps while
      authorize/deauthorize auth-id in src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-4.patch: optionally authorize existing
      auth-ids in src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-5.patch: add tests in
      qa/tasks/cephfs/test_volume_client.py.
    - CVE-2020-27781
  * SECURITY UPDATE: HTTP headers injection
    - debian/patches/CVE-2021-3524.patch: add more escaping to headers in
      src/rgw/rgw_cors.cc.
    - CVE-2021-3524
  * SECURITY UPDATE: denial of service in rgw
    - debian/patches/CVE-2021-3531.patch: checks empty subdir_name in
      src/rgw/rgw_rest_swift.cc.
    - CVE-2021-3531
  * This package does _not_ contain the changes from the
    12.2.13-0ubuntu0.18.04.9 package in bionic-proposed.

ceph (12.2.13-0ubuntu0.18.04.8) bionic; urgency=medium

  * d/p/lp1908375*.patch: remove blkid calls from ceph-volume lvm list
    to improve performance/experience in systems with large numbers of
    slow disks (LP: #1908375).

ceph (12.2.13-0ubuntu0.18.04.7) bionic; urgency=medium

  * d/p/bug1914911.patch: cherry pick fix to ensure more regular compaction
    of the bluefs log (LP: #1914911).

ceph (12.2.13-0ubuntu0.18.04.6) bionic; urgency=medium

  * d/p/bug1906496.patch: disable network stats in
    dump_osd_stats (LP: #1906496)

ceph (12.2.13-0ubuntu0.18.04.5) bionic; urgency=medium

  * d/p/rules: Enable RelWithDebInfo (LP: #1894453).

Date: 2021-11-01 13:58:10.136316+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ceph/12.2.13-0ubuntu0.18.04.10
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list