1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4339-1] ceph security update

    From Moritz Muehlenhoff@1:229/2 to All on Tue Nov 13 23:00:02 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4339-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 13, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : ceph
    CVE ID : CVE-2017-7519 CVE-2018-1086 CVE-2018-1128 CVE-2018-1129

    Multiple vulnerabilities were discovered in Ceph, a distributed storage
    and file system: The cephx authentication protocol was suspectible to
    replay attacks and calculated signatures incorrectly, "ceph mon" did not validate capabilities for pool operations (resulting in potential
    corruption or deletion of snapshot images) and a format string
    vulnerability in libradosstriper could result in denial of service.

    For the stable distribution (stretch), these problems have been fixed in version 10.2.11-1.

    We recommend that you upgrade your ceph packages.

    For the detailed security status of ceph please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/ceph

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvrRh8ACgkQEMKTtsN8 TjZEMQ//Q+eJMDB8yf5vNc8V7ilNffYAWjhAH17XqhRnS67I1WeH5vfypdN9XGNa tipNdP33uFt9NuUl2+bP7KBV3G/Ie/SaFibERmBVg+WRV7y0mwBKt5F8WA9JFelH lHBSBK0v0e9qK9eM96sOZx3QpTU1wxdDGPzgqiUeb6aosIx0J3cvjvwt/+co1y4n 7EFwG+Ujro5UBC8XzrDIxoCJas2FKFzcPVyKvRQvrY9Iz8RJ3FdomAkzSXwQLGGP CRIX4GVN77t2NFhgvZk0C6/YL6JvBjdKcXb9KoOQSUWvh+dIlvIaV4xk2CBNIi/y Fy+o3tG/0YIIjTsDkEdrBykRsaJnZUA4r4ws7gstbXPhBrISXliI75yIro47Smh+ TOW94uY3cVl4b6LdOeIlmNIJ3T1ck8QJ28ZAoWW/zFBJIlTqVqiOCOU1veTZkLI3 ScwQBDvUlrP2AppH51D/VHzsEcVCekRQsXKWaV9mlHr+Q37QJUXwsGjHNHgGG1GW cGhOm5Mjwq7bMsBIJxjeu3LVUig3++D+MGwkCdr0lOdIqbe7qhuZzkJj69S1baVm YxHUbVqtBBEKORYH7ItMQoQ9NRzTdpwm48nhH7VHnibD8jFZ9o0VEWYupf1DEHkM 8n/nnbaE1KhptV5Q37z3jkhOFR+99XrMV9BJUkzqxKPFXy2m1qo=
    =Sruu
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)