From: Raspbian automatic forward porter Date: Thu, 26 Oct 2023 16:28:28 +0000 (+0100) Subject: Merge version 12.2.11+dfsg1-2.1+rpi1 and 12.2.11+dfsg1-2.1+deb10u1 to produce 12... X-Git-Tag: archive/raspbian/12.2.11+dfsg1-2.1+rpi1+deb10u1^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=cd346edb4fbd97981426ce440f61fd4ede43d4b3;p=ceph.git Merge version 12.2.11+dfsg1-2.1+rpi1 and 12.2.11+dfsg1-2.1+deb10u1 to produce 12.2.11+dfsg1-2.1+rpi1+deb10u1 --- cd346edb4fbd97981426ce440f61fd4ede43d4b3 diff --cc debian/changelog index edc391e08,bc0c3e144..b5bd1c38b --- a/debian/changelog +++ b/debian/changelog @@@ -1,11 -1,65 +1,74 @@@ - ceph (12.2.11+dfsg1-2.1+rpi1) buster-staging; urgency=medium ++ceph (12.2.11+dfsg1-2.1+rpi1+deb10u1) buster-staging; urgency=medium + + [changes brought forward from 10.2.5-7.2+rpi1 by Peter Michael Green at Sun, 30 Jul 2017 09:48:17 +0000] + * Add Raspbian to lists of "debian-like" distros. + + Hopefully this will fix site-packages vs dist-packages + build failure in Raspbian. + - -- Raspbian forward porter Thu, 11 Apr 2019 06:20:48 +0000 ++ -- Raspbian forward porter Thu, 26 Oct 2023 16:28:27 +0000 ++ + ceph (12.2.11+dfsg1-2.1+deb10u1) buster-security; urgency=medium + + * Non-maintainer upload by the LTS Security Team. + + [ Stefano Rivera ] + * Collection of minor security updates for Ceph. + * CVE-2020-27781: Privilege Escalation: User credentials could be manipulated + and stolen by Native CephFS consumers of OpenStack Manila, resulting in + potential privilege escalation. An Open Stack Manila user can request + access to a share to an arbitrary cephx user, including existing users. + The access key is retrieved via the interface drivers. Then, all users of + the requesting OpenStack project can view the access key. This enables the + attacker to target any resource that the user has access to. This can be + done to even "admin" users, compromising the ceph administrator. + * CVE-2021-20288: Potential Privilege Escalation: When handling + CEPHX_GET_PRINCIPAL_SESSION_KEY requests, ignore CEPH_ENTITY_TYPE_AUTH in + CephXServiceTicketRequest::keys. + * CVE-2020-1760: XSS: A flaw was found in the Ceph Object Gateway, where it + supports request sent by an anonymous user in Amazon S3. This flaw could + lead to potential XSS attacks due to the lack of proper neutralization of + untrusted input. + * CVE-2020-25678: Information Disclosure: ceph stores mgr module passwords + in clear text. This can be found by searching the mgr logs for grafana and + dashboard, with passwords visible. + * CVE-2019-10222: Denial of service: An unauthenticated attacker could crash + the Ceph RGW server by sending valid HTTP headers and terminating the + connection, resulting in a remote denial of service for Ceph RGW clients. + * CVE-2020-10753 and CVE-2021-3524: Header Injection: It was possible to + inject HTTP headers via a CORS ExposeHeader tag in an Amazon S3 bucket. The + newline character in the ExposeHeader tag in the CORS configuration file + generates a header injection in the response when the CORS request is + made. + * CVE-2020-12059: Denial of Service: A POST request with an invalid tagging + XML could crash the RGW process by triggering a NULL pointer exception. + * CVE-2020-1700: Denial of Service: A flaw was found in the way the Ceph RGW + Beast front-end handles unexpected disconnects. An authenticated attacker + can abuse this flaw by making multiple disconnect attempts resulting in a + permanent leak of a socket connection by radosgw. This flaw could lead to + a denial of service condition by pile up of CLOSE_WAIT sockets, eventually + leading to the exhaustion of available resources, preventing legitimate + users from connecting to the system. + * CVE-2021-3531: Denial of Service: When processing a GET Request in Ceph + Storage RGW for a swift URL that ends with two slashes it could cause the + rgw to crash, resulting in a denial of service. + * CVE-2021-3979: Loss of Confidentiality: A key length flaw was found in + Ceph Storage. An attacker could exploit the fact that the key length is + incorrectly passed in an encryption algorithm to create a non random key, + which is weaker and can be exploited for loss of confidentiality and + integrity on encrypted disks. + + [ Bastien Roucariès ] + + * CVE-2023-43040: A flaw was found in Ceph RGW. An unprivileged + user can write to any bucket(s) accessible by a given key + if a POST's form-data contains a key called 'bucket' + with a value matching the name of the bucket used to sign + the request. The result of this is that a user could actually + upload to any bucket accessible by the specified access key + as long as the bucket in the POST policy matches the bucket + in said POST form part. (Closes: #1053690) + + -- Bastien Roucariès Sat, 21 Oct 2023 16:42:26 +0000 ceph (12.2.11+dfsg1-2.1) unstable; urgency=medium diff --cc debian/patches/series index 456a777db,04fe86b2b..184911c1e --- a/debian/patches/series +++ b/debian/patches/series @@@ -16,4 -16,22 +16,23 @@@ boost-1.67-fixes.patc softfp-armel.patch 32-bit-ftbfs.patch radosgw-linkage-without-beast.patch + CVE-2019-10222.patch + CVE-2020-1700.patch + CVE-2020-1760-1.patch + CVE-2020-1760-2.patch + CVE-2020-1760-3.patch + CVE-2020-10753.patch + CVE-2020-12059.patch + CVE-2020-25678-1.patch + CVE-2020-25678-2.patch + CVE-2020-27781-1.patch + CVE-2020-27781-2.patch + CVE-2020-27781-3.patch + CVE-2020-27781-4.patch + CVE-2020-27781-5.patch + CVE-2021-3524.patch + CVE-2021-3531.patch + CVE-2021-20288.patch + CVE-2021-3979.patch + 0033-CVE-2023-43040-rgw-Fix-bucket-validation-against-POS.patch +detect-raspbian.diff