- ceph (12.2.11+dfsg1-2.1+rpi1) buster-staging; urgency=medium
++ceph (12.2.11+dfsg1-2.1+rpi1+deb10u1) buster-staging; urgency=medium
+
+ [changes brought forward from 10.2.5-7.2+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 30 Jul 2017 09:48:17 +0000]
+ * Add Raspbian to lists of "debian-like" distros.
+ + Hopefully this will fix site-packages vs dist-packages
+ build failure in Raspbian.
+
- -- Raspbian forward porter <root@raspbian.org> Thu, 11 Apr 2019 06:20:48 +0000
++ -- Raspbian forward porter <root@raspbian.org> Thu, 26 Oct 2023 16:28:27 +0000
++
+ ceph (12.2.11+dfsg1-2.1+deb10u1) buster-security; urgency=medium
+
+ * Non-maintainer upload by the LTS Security Team.
+
+ [ Stefano Rivera ]
+ * Collection of minor security updates for Ceph.
+ * CVE-2020-27781: Privilege Escalation: User credentials could be manipulated
+ and stolen by Native CephFS consumers of OpenStack Manila, resulting in
+ potential privilege escalation. An Open Stack Manila user can request
+ access to a share to an arbitrary cephx user, including existing users.
+ The access key is retrieved via the interface drivers. Then, all users of
+ the requesting OpenStack project can view the access key. This enables the
+ attacker to target any resource that the user has access to. This can be
+ done to even "admin" users, compromising the ceph administrator.
+ * CVE-2021-20288: Potential Privilege Escalation: When handling
+ CEPHX_GET_PRINCIPAL_SESSION_KEY requests, ignore CEPH_ENTITY_TYPE_AUTH in
+ CephXServiceTicketRequest::keys.
+ * CVE-2020-1760: XSS: A flaw was found in the Ceph Object Gateway, where it
+ supports request sent by an anonymous user in Amazon S3. This flaw could
+ lead to potential XSS attacks due to the lack of proper neutralization of
+ untrusted input.
+ * CVE-2020-25678: Information Disclosure: ceph stores mgr module passwords
+ in clear text. This can be found by searching the mgr logs for grafana and
+ dashboard, with passwords visible.
+ * CVE-2019-10222: Denial of service: An unauthenticated attacker could crash
+ the Ceph RGW server by sending valid HTTP headers and terminating the
+ connection, resulting in a remote denial of service for Ceph RGW clients.
+ * CVE-2020-10753 and CVE-2021-3524: Header Injection: It was possible to
+ inject HTTP headers via a CORS ExposeHeader tag in an Amazon S3 bucket. The
+ newline character in the ExposeHeader tag in the CORS configuration file
+ generates a header injection in the response when the CORS request is
+ made.
+ * CVE-2020-12059: Denial of Service: A POST request with an invalid tagging
+ XML could crash the RGW process by triggering a NULL pointer exception.
+ * CVE-2020-1700: Denial of Service: A flaw was found in the way the Ceph RGW
+ Beast front-end handles unexpected disconnects. An authenticated attacker
+ can abuse this flaw by making multiple disconnect attempts resulting in a
+ permanent leak of a socket connection by radosgw. This flaw could lead to
+ a denial of service condition by pile up of CLOSE_WAIT sockets, eventually
+ leading to the exhaustion of available resources, preventing legitimate
+ users from connecting to the system.
+ * CVE-2021-3531: Denial of Service: When processing a GET Request in Ceph
+ Storage RGW for a swift URL that ends with two slashes it could cause the
+ rgw to crash, resulting in a denial of service.
+ * CVE-2021-3979: Loss of Confidentiality: A key length flaw was found in
+ Ceph Storage. An attacker could exploit the fact that the key length is
+ incorrectly passed in an encryption algorithm to create a non random key,
+ which is weaker and can be exploited for loss of confidentiality and
+ integrity on encrypted disks.
+
+ [ Bastien Roucariès ]
+
+ * CVE-2023-43040: A flaw was found in Ceph RGW. An unprivileged
+ user can write to any bucket(s) accessible by a given key
+ if a POST's form-data contains a key called 'bucket'
+ with a value matching the name of the bucket used to sign
+ the request. The result of this is that a user could actually
+ upload to any bucket accessible by the specified access key
+ as long as the bucket in the POST policy matches the bucket
+ in said POST form part. (Closes: #1053690)
+
+ -- Bastien Roucariès <rouca@debian.org> Sat, 21 Oct 2023 16:42:26 +0000
ceph (12.2.11+dfsg1-2.1) unstable; urgency=medium
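Review bot: The summary line "Collection of minor security updates for Ceph." in the 12.2.11+dfsg1-2.1+deb10u1 stanza understates the items listed under it. The CVE-2020-27781 item ends with "compromising the ceph administrator", and the CVE-2023-43040 item describes uploads to any bucket accessible by the specified access key. Suggest dropping "minor" so that administrators who skim the first line do not defer the update. The CVE-2021-20288 item states only the code change ("ignore CEPH_ENTITY_TYPE_AUTH in CephXServiceTicketRequest::keys") and, unlike the other items, does not say what the flaw allowed; a short clause on the impact would make it consistent with the rest. Only CVE-2023-43040 carries a bug closure (Closes: #1053690); if the other CVEs have bug reports, reference them the same way. Style: "Open Stack Manila" in the CVE-2020-27781 item should read "OpenStack Manila", as it does one sentence earlier.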