Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 4304-1 Ceph Notice: Denial Of Service Due To Network Traffic

ubuntu
Calendar Grey March 17, 2020
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-4304-2 addresses a Ceph issue that could lead to service disruptions due to maliciously crafted data packets.
Ceph could be made to stop responding if it received specially crafted network traffic.

Summary

Ceph could be made to stop responding if it received specially crafted

network traffic.

Software Description:

- ceph: distributed storage and file system

Details:

Or Friedman discovered that Ceph incorrectly handled disconnects. A remote

authenticated attacker could possibly use this issue to cause Ceph to

consume resources, leading to a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  ceph                            14.2.4-0ubuntu0.19.10.2
  ceph-base                       14.2.4-0ubuntu0.19.10.2
  ceph-common                     14.2.4-0ubuntu0.19.10.2

Ubuntu 18.04 LTS:
  ceph                            12.2.12-0ubuntu0.18.04.5
  ceph-base                       12.2.12-0ubuntu0.18.04.5
  ceph-common                     12.2.12-0ubuntu0.18.04.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4304-1

CVE-2020-1700

Severity
critical
Lowest
Low
Medium
High
Critical

March 17, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here