Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Ubuntu 4112-1: Ceph Denial Of Service Due To Malicious Network Traffic

ubuntu
Calendar Grey August 29, 2019
Dist Ubuntu Esm H88
Fedora Security Announcement FSA-2022-32 highlights a kernel vulnerability that may cause system instability due to harmful network packets.
Ceph could be made to crash if it received specially crafted network traffic.

Summary

Ceph could be made to crash if it received specially crafted network

traffic.

Software Description:

- ceph: distributed storage and file system

Details:

Abhishek Lekshmanan discovered that the RADOS gateway implementation in

Ceph did not handle client disconnects properly in some situations. A

remote attacker could use this to cause a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  ceph                            13.2.6-0ubuntu0.19.04.3
  radosgw                         13.2.6-0ubuntu0.19.04.3

Ubuntu 18.04 LTS:
  ceph                            12.2.12-0ubuntu0.18.04.2
  radosgw                         12.2.12-0ubuntu0.18.04.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4112-1

CVE-2019-10222

Severity
critical
Lowest
Low
Medium
High
Critical

August 29, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.