[ubuntu/bionic-security] ceph 12.2.13-0ubuntu0.18.04.10 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Nov 1 19:11:22 UTC 2021
ceph (12.2.13-0ubuntu0.18.04.10) bionic-security; urgency=medium
* SECURITY UPDATE: user credentials issue
- debian/patches/CVE-2020-27781-1.patch: fix PEP-8 SyntaxWarning in
src/pybind/ceph_volume_client.py.
- debian/patches/CVE-2020-27781-2.patch: disallow authorize auth_id in
src/pybind/ceph_volume_client.py.
- debian/patches/CVE-2020-27781-3.patch: preserve existing caps while
authorize/deauthorize auth-id in src/pybind/ceph_volume_client.py.
- debian/patches/CVE-2020-27781-4.patch: optionally authorize existing
auth-ids in src/pybind/ceph_volume_client.py.
- debian/patches/CVE-2020-27781-5.patch: add tests in
qa/tasks/cephfs/test_volume_client.py.
- CVE-2020-27781
* SECURITY UPDATE: HTTP headers injection
- debian/patches/CVE-2021-3524.patch: add more escaping to headers in
src/rgw/rgw_cors.cc.
- CVE-2021-3524
* SECURITY UPDATE: denial of service in rgw
- debian/patches/CVE-2021-3531.patch: checks empty subdir_name in
src/rgw/rgw_rest_swift.cc.
- CVE-2021-3531
* This package does _not_ contain the changes from the
12.2.13-0ubuntu0.18.04.9 package in bionic-proposed.
ceph (12.2.13-0ubuntu0.18.04.8) bionic; urgency=medium
* d/p/lp1908375*.patch: remove blkid calls from ceph-volume lvm list
to improve performance/experience in systems with large numbers of
slow disks (LP: #1908375).
ceph (12.2.13-0ubuntu0.18.04.7) bionic; urgency=medium
* d/p/bug1914911.patch: cherry pick fix to ensure more regular compaction
of the bluefs log (LP: #1914911).
ceph (12.2.13-0ubuntu0.18.04.6) bionic; urgency=medium
* d/p/bug1906496.patch: disable network stats in
dump_osd_stats (LP: #1906496)
ceph (12.2.13-0ubuntu0.18.04.5) bionic; urgency=medium
* d/p/rules: Enable RelWithDebInfo (LP: #1894453).
Date: 2021-11-01 13:58:10.136316+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ceph/12.2.13-0ubuntu0.18.04.10
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list