Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Debian: DLA-2735-1 Moderate: Ceph Security Flaws Repaired

debian lts
Calendar Grey August 10, 2021
Dist Debian Esm H88
The recent Ceph security patch for Debian LTS tackles several vulnerabilities, bolstering both system security and overall reliability.
Several vulnerabilities were discovered in Ceph, a distributed storage and file system

Summary

Authenticated ceph users with read only permissions could steal dm-crypt
encryption keys used in ceph disk encryption.

CVE-2018-16846

Authenticated ceph RGW users can cause a denial of service against OMAPs
holding bucket indices.

CVE-2020-10753

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object
Gateway).
The vulnerability is related to the injection of HTTP headers via a CORS
ExposeHeader tag. The newline character in the ExposeHeader tag in the
CORS configuration file generates a header injection in the response when
the CORS request is made.

CVE-2020-1760

A flaw was found in the Ceph Object Gateway, where it supports request
sent by an anonymous user in Amazon S3. This flaw could lead to potential
XSS attacks due to the lack of proper neutralization of untrusted input.

CVE-2021-3524

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway)

Read the Full Advisory


-------------------------------------------------------------------------Package: ceph
Version: 10.2.11-2+deb9u1
CVE ID: CVE-2018-14662 CVE-2018-16846 CVE-2020-1760 CVE-2020-10753
Debian Bug: 921948 921947 956142 975300 988889

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here