[ubuntu/bionic-updates] ceph 12.2.13-0ubuntu0.18.04.10 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Mon Nov 1 19:58:40 UTC 2021


ceph (12.2.13-0ubuntu0.18.04.10) bionic-security; urgency=medium

  * SECURITY UPDATE: user credentials issue
    - debian/patches/CVE-2020-27781-1.patch: fix PEP-8 SyntaxWarning in
      src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-2.patch: disallow authorize auth_id in
      src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-3.patch: preserve existing caps while
      authorize/deauthorize auth-id in src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-4.patch: optionally authorize existing
      auth-ids in src/pybind/ceph_volume_client.py.
    - debian/patches/CVE-2020-27781-5.patch: add tests in
      qa/tasks/cephfs/test_volume_client.py.
    - CVE-2020-27781
  * SECURITY UPDATE: HTTP headers injection
    - debian/patches/CVE-2021-3524.patch: add more escaping to headers in
      src/rgw/rgw_cors.cc.
    - CVE-2021-3524
  * SECURITY UPDATE: denial of service in rgw
    - debian/patches/CVE-2021-3531.patch: checks empty subdir_name in
      src/rgw/rgw_rest_swift.cc.
    - CVE-2021-3531
  * This package does _not_ contain the changes from the
    12.2.13-0ubuntu0.18.04.9 package in bionic-proposed.

Date: 2021-11-01 13:58:10.136316+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ceph/12.2.13-0ubuntu0.18.04.10