[USN-4035-1] Ceph vulnerabilities
marc.deslauriers at canonical.com
Tue Jun 25 13:41:50 UTC 2019
Ubuntu Security Notice USN-4035-1
June 25, 2019
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 16.04 LTS
Several security issues were fixed in Ceph.
- ceph: distributed storage and file system
It was discovered that Ceph incorrectly handled read only permissions. An
authenticated attacker could use this issue to obtain dm-crypt encryption
keys. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-14662)
It was discovered that Ceph incorrectly handled certain OMAPs holding
bucket indices. An authenticated attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
It was discovered that Ceph incorrectly sanitized certain debug logs. A
local attacker could possibly use this issue to obtain encryption key
information. This issue was only addressed in Ubuntu 18.10 and Ubuntu
It was discovered that Ceph incorrectly handled certain civetweb requests.
A remote attacker could possibly use this issue to consume resources,
leading to a denial of service. This issue only affected Ubuntu 18.10 and
Ubuntu 19.04. (CVE-2019-3821)
The problem can be corrected by updating your system to the following
Ubuntu 16.04 LTS:
In general, a standard system update will make all the necessary changes.
CVE-2018-14662, CVE-2018-16846, CVE-2018-16889, CVE-2019-3821
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the ubuntu-security-announce