[Bug 1929179] Update Released
James Page
1929179 at bugs.launchpad.net
Tue Jul 6 12:51:54 UTC 2021
The verification of the Stable Release Update for ceph has completed
successfully and the package has now been released to -updates. In the
event that you encounter a regression using the package from -updates
please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regressions.
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1929179
Title:
[SRU] ceph 15.2.12
Status in Ubuntu Cloud Archive:
Invalid
Status in Ubuntu Cloud Archive ussuri series:
Fix Released
Status in ceph package in Ubuntu:
Invalid
Status in ceph source package in Focal:
Fix Released
Status in ceph source package in Groovy:
Fix Released
Bug description:
[Impact]
This release fixes several bugs. We would like to make sure all of our users have access to these improvements.
The update contains the following package updates:
* ceph 15.2.12
[Test Case]
The following SRU process was followed:
https://wiki.ubuntu.com/OpenStackUpdates
In order to avoid regression of existing users, the OpenStack team
will run their continuous integration test against the packages that
are in -proposed. A successful run of all available tests will be
required before the proposed packages can be let into -updates.
The OpenStack team will be in charge of attaching the output summary
of the executed tests. The OpenStack team members will not mark
‘verification-done’ until this has happened.
[Regression Potential]
In order to mitigate the regression potential, the results of the
aforementioned tests are attached to this bug.
[Upstream release announcement]
V15.2.12 OCTOPUS
This is a hotfix release addressing a number of security issues and
regressions. We recommend all users update to this release.
CHANGELOG
mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar)
mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard
XSS via token cookie, Ernesto Puerta)
rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name
(CVE-2021-3531: Swift API denial of service, Felix Huettner)
rgw: sanitize r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524:
HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley)
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1929179/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list