• Bug#1109470: ceph: CVE-2025-52555 regression

    From Adrian Bunk@21:1/5 to All on Fri Jul 18 15:40:01 2025
    Source: ceph
    Version: 18.2.6-1
    Severity: serious
    Tags: security
    Forwarded: https://github.com/ceph/ceph/pull/64356
    X-Debbugs-Cc: Debian Security Team <[email protected]>

    Prior to fb1b72d, unprivileged users could add mode bits as long as S_ISUID and S_ISGID were not included in the change.

After fb1b72d, unprivileged users were allowed to modify S_ISUID and S_ISGID bits only when no other mode bits were changed in the same operation. This inadvertently permitted unprivileged users to set S_ISUID and/or S_ISGID bits when they were the sole bits being modified.

    This behavior should not be allowed. Unprivileged users should be prohibited from setting S_ISUID and/or S_ISGID bits under any circumstances.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
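To make the three behaviours described in the report concrete, here is an added model of the mode-change permission check (example code written for this thread, not ceph's own code): the rule before fb1b72d, the regressed rule introduced by fb1b72d, and the intended rule. It assumes the caller has already been classified as privileged or not, and reads "setting" a set-id bit as turning it on.

```cpp
#include <cstdint>

// Same values as POSIX S_ISUID / S_ISGID (defined here to stay self-contained).
constexpr uint32_t kSetUid = 04000;
constexpr uint32_t kSetGid = 02000;
constexpr uint32_t kSetIdBits = kSetUid | kSetGid;

// Pre-fb1b72d: an unprivileged caller may change mode bits as long as neither
// set-id bit is among the bits that actually change.
bool allow_pre_fb1b72d(bool privileged, uint32_t old_mode, uint32_t new_mode) {
    if (privileged) return true;
    uint32_t changed = old_mode ^ new_mode;
    return (changed & kSetIdBits) == 0;
}

// fb1b72d (the regression): the set-id check only runs when other bits change
// in the same request, so a request that touches ONLY S_ISUID/S_ISGID passes.
bool allow_fb1b72d(bool privileged, uint32_t old_mode, uint32_t new_mode) {
    if (privileged) return true;
    uint32_t changed = old_mode ^ new_mode;
    uint32_t other_changed = changed & ~kSetIdBits;
    if (other_changed == 0) return true;   // bug: set-id-only change is allowed
    return (changed & kSetIdBits) == 0;
}

// Intended rule: an unprivileged caller may never turn on S_ISUID or S_ISGID,
// whatever else the request changes.
bool allow_fixed(bool privileged, uint32_t old_mode, uint32_t new_mode) {
    if (privileged) return true;
    uint32_t newly_set = new_mode & ~old_mode;
    return (newly_set & kSetIdBits) == 0;
}

// True when the regressed rule lets an unprivileged request through that the
// intended rule rejects; useful for checking a test corpus of mode changes.
bool is_regression_case(uint32_t old_mode, uint32_t new_mode) {
    return allow_fb1b72d(false, old_mode, new_mode) &&
           !allow_fixed(false, old_mode, new_mode);
}
```

With old mode 0755 and requested mode 04755 (setuid as the only changed bit), allow_fb1b72d returns true while both the older and the fixed rules return false; adding group-write in the same request (04775) is rejected by all three.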
  • From Daniel Baumann@21:1/5 to All on Mon Jul 21 10:20:02 2025
    Control: tag -1 pending

    Hello,

    Bug #1109470 in ceph reported by you has been fixed in the
    Git repository and is awaiting an upload. You can see the commit
    message below and you can check the diff of the fix at:

    https://salsa.debian.org/ceph-team/ceph/-/commit/7b5ea6c8500ea7676780a572f65751af8121c65b

    ------------------------------------------------------------------------
    Adding patch from upstream to fix regression with CVE-2025-52555:
- unprivileged users can set S_ISUID and/or S_ISGID bits when changed separately from each other (Closes: #1109470).

Signed-off-by: Daniel Baumann <[email protected]>
------------------------------------------------------------------------

    (this message was generated automatically)
    --
    Greetings

    https://bugs.debian.org/1109470

  • From Debian Bug Tracking System@21:1/5 to All on Mon Jul 21 10:20:02 2025
    Processing control commands:

    tag -1 pending
    Bug #1109470 [src:ceph] ceph: CVE-2025-52555 regression
    Added tag(s) pending.

    --
    1109470: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109470
    Debian Bug Tracking System
    Contact [email protected] with problems

  • From Debian Bug Tracking System@21:1/5 to All on Tue Jul 22 21:20:01 2025

    Your message dated Tue, 22 Jul 2025 18:11:28 +0000
    with message-id <[email protected]>
    and subject line Bug#1109470: fixed in ceph 18.2.7+ds-1
    has caused the Debian Bug report #1109470,
    regarding ceph: CVE-2025-52555 regression
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


    --
    1109470: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109470
    Debian Bug Tracking System
    Contact [email protected] with problems
