[Bug 1928645] Re: [SRU] ceph 16.2.4

James Page 1928645 at bugs.launchpad.net
Wed Jul 14 11:41:09 UTC 2021 

This bug was fixed in the package ceph - 16.2.4-0ubuntu2~cloud0
---------------

 ceph (16.2.4-0ubuntu2~cloud0) focal-xena; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 ceph (16.2.4-0ubuntu2) impish; urgency=medium
 .
   * No-change rebuild due to OpenLDAP soname bump.
 .
 ceph (16.2.4-0ubuntu1) impish; urgency=medium
 .
   * d/rules,control: Enable new crimson-osd package and provide
     seastar based crimson-osd binary.
   * SECURITY UPDATE: New upstream release (LP: #1928645):
     - CVE-2021-3509: Dashboard XSS via token cookie.
     - CVE-2021-3531: Swift API denial of service.
     - CVE-2021-3531: HTTP header injects via CORS in RGW.
     - d/p/bug1925347.patch: Drop, included in release.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1928645

Title:
  [SRU] ceph 16.2.4

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive wallaby series:
  Fix Released
Status in Ubuntu Cloud Archive xena series:
  Fix Released
Status in ceph package in Ubuntu:
  Fix Released
Status in ceph source package in Hirsute:
  Fix Released
Status in ceph source package in Impish:
  Fix Released

Bug description:
  [Impact]
  This release fixes several bugs. We would like to make sure all of our users have access to these improvements.

  The update contains the following package updates:

     * ceph 16.2.4

  [Test Case]
  The following SRU process was followed:

  https://wiki.ubuntu.com/OpenStackUpdates

  In order to avoid regression of existing users, the OpenStack team
  will run their continuous integration test against the packages that
  are in -proposed. A successful run of all available tests will be
  required before the proposed packages can be let into -updates.

  The OpenStack team will be in charge of attaching the output summary
  of the executed tests. The OpenStack team members will not mark
  ‘verification-done’ until this has happened.

  [Regression Potential]
  In order to mitigate the regression potential, the results of the
  aforementioned tests are attached to this bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1928645/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list