[ubuntu/focal-security] ceph 15.2.17-0ubuntu0.20.04.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue May 9 20:19:11 UTC 2023 

ceph (15.2.17-0ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via ceph crash service
    - debian/patches/CVE-2022-3650-2.patch: fix some flake8 issues in
      src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-3.patch: fix stderr handling in
      src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-4.patch: drop privleges to run as "ceph"
      user, rather than root in src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-5.patch: chown crash files to ceph user
      in qa/workunits/rados/test_crash.sh.
    - debian/patches/CVE-2022-3650-6.patch: log warning if crash directory
      unreadable in src/ceph-crash.in.
    - CVE-2022-3650
  * This also fixes CVE-2021-3979 and CVE-2022-0670 in the -security
    pocket.

ceph (15.2.17-0ubuntu0.20.04.1) focal; urgency=medium

  * New upstream release (LP: #1990862).
  * Dropped patches in latest release:
    - d/p/disable-log-slow-requests.patch

ceph (15.2.16-0ubuntu0.20.04.1) focal; urgency=medium

  [ James Page ]
  * d/control: Correct Breaks/Replaces versioning between -common and -mds
    to resolve issues with upgrades (LP: #1919261).

  [ Chris MacNaughton ]
  * New upstream release (LP: #1964802).
  * Dropped patches in latest relese:
    - d/p/rgw_clear_buckets_before_calling_list_buckets.patch
    - d/p/bug1955345.patch
  * d/p/misc-32-bit-fixes.patch: Refreshed.
  * d/rules, d/ceph-osd.install: Update ceph-osd-smartctl to ceph-smartctl.

ceph (15.2.14-0ubuntu0.20.04.2) focal; urgency=medium

  * d/p/rgw_clear_buckets_before_calling_list_buckets.patch:
    Cherry-pick upstream change to fix duplicate entries with
    large buckets (LP: #1946211).

ceph (15.2.14-0ubuntu0.20.04.1) focal; urgency=medium

  * New upstream release (LP: #1940902).

ceph (15.2.13-0ubuntu0.20.04.2) focal; urgency=medium

  [ Chris MacNaughton ]
  * d/ceph-base.install: Remove ceph-deploy man page installation
    (LP: #1892448).

ceph (15.2.13-0ubuntu0.20.04.1) focal; urgency=medium

  * New upstream release (LP: #1933410).

Date: 2023-05-09 16:19:18.831293+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ceph/15.2.17-0ubuntu0.20.04.3
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list