[ubuntu/xenial-updates] ceph 10.2.11-0ubuntu0.16.04.2 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Jun 25 12:28:38 UTC 2019


ceph (10.2.11-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect permissions on dm-crypt keys
    - debian/patches/CVE-2018-14662.patch: limit caps allowed to access the
      store in qa/suites/rados/singleton/all/mon-config-key-caps.yaml,
      qa/workunits/mon/test_config_key_caps.sh, src/mon/MonCap.cc.
    - CVE-2018-14662
  * SECURITY UPDATE: DoS against OMAPs holding bucket indices
    - debian/patches/CVE-2018-16846-pre1.patch: enforce bounds on
      max-keys/max-uploads/max-parts in src/rgw/rgw_op.cc,
      src/rgw/rgw_op.h, src/rgw/rgw_rest.cc, src/rgw/rgw_rest_swift.cc,
      src/common/config_opts.h.
    - debian/patches/CVE-2018-16846.patch: fix issues with 'enforce bounds'
      patch in src/rgw/rgw_op.cc, src/rgw/rgw_op.h, src/rgw/rgw_rest.cc.
    - CVE-2018-16846

Date: 2019-06-01 20:40:12.623224+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/ceph/10.2.11-0ubuntu0.16.04.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list