1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4339-2] ceph regression update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Nov 21 23:00:02 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4339-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : ceph
    Debian Bug : 913909

    The update for ceph issued as DSA-4339-1 caused a build regression for
    the i386 builds. Updated packages are now available to address this
    issue. For reference, the original advisory text follows.

    Multiple vulnerabilities were discovered in Ceph, a distributed storage
    and file system: The cephx authentication protocol was susceptible to
    replay attacks and calculated signatures incorrectly, "ceph mon" did not validate capabilities for pool operations (resulting in potential
    corruption or deletion of snapshot images) and a format string
    vulnerability in libradosstriper could result in denial of service.

    For the stable distribution (stretch), this problem has been fixed in
    version 10.2.11-2.

    We recommend that you upgrade your ceph packages.

    For the detailed security status of ceph please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/ceph

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlv10tNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TnSg/9EWpuEYFq8CqFXFKz0GQ7pvOvJXZzg8VRRdGtSqil/yOGLkia7X0C4aox C8zF62JXyALlRjyR7ti2U9RD7E5D+r2jSWjaxHzbHTDYPMQI0U7bww1T2cdj9yze zYl1pebLvWwhnhRF9c1mG1g2CcxHtjU8zxGRKjsjupjF0v/bFL+IN1OcyjEeCVG5 yDwjU8h9ux3FbLxxSGHLl8Yzk/Q0WAOo2KcxIva/0mTZ5zDxwJlltbkw0pC8gcKd RQFU+J88oOUbNF4n2HxK3OATJhiOmrQ8xBy4E50AE7GuRDoJYcDfSmEkBVBwxOTN QmTNxyd/vooUkF6eXhJHJ45cm8QWALoYH4MzPVrBTYLx985WVQ2Q4pa1vv7hPfz6 kllnsJO9ZjyT4POvGihfR3W0y2Cb8tTe/x0WHci/0uTEBvnhAIrUpjfTO30ajGXe QitdTxZA955O/JtpdwyqRGywZXJyrtjJTqaZeQA1G2bKC9e6h19kwi2WX8qYXTdQ N3gK//BeWkaE6EylB6c6aionmN5AuVEd5jmZ+GO1BfOq3/oRSKfQcDJly6JG7UaM 0jpT85eIYiNQc6JvZ+78NwxrqVgAnKq8F7ejsT4FQyQkZxcjljyyix+y6iAPhAut bunmOl3Q/U8JE8FzDuJA/rKXhXdSGCUMytTwuXo1pLY+m5JBz/c=
    =UHIj
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)