Ubuntu 18.04 LTS: USN-4528-1 Elevated: Ceph Denial of Service and XSS

ubuntu
September 22, 2020
Multiple vulnerabilities in Ceph impacting Ubuntu 16.04 and 18.04 LTS disclosed in USN-4528-1.

Summary

Several security issues were fixed in Ceph.

Software Description:

- ceph: distributed storage and file system

Details:

Adam Mohammed discovered that Ceph incorrectly handled certain CORS
ExposeHeader tags. A remote attacker could possibly use this issue to
perform an HTTP header injection attack. (CVE-2020-10753)

Lei Cao discovered that Ceph incorrectly handled certain POST requests with
invalid tagging XML. A remote attacker could possibly use this issue to
cause Ceph to crash, leading to a denial of service. This issue only
affected Ubuntu 18.04 LTS. (CVE-2020-12059)

Robin H. Johnson discovered that Ceph incorrectly handled certain S3
requests. A remote attacker could possibly use this issue to perform an
XSS attack. (CVE-2020-1760)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  ceph                            12.2.13-0ubuntu0.18.04.4
  ceph-base                       12.2.13-0ubuntu0.18.04.4
  ceph-common                     12.2.13-0ubuntu0.18.04.4

Ubuntu 16.04 LTS:
  ceph                            10.2.11-0ubuntu0.16.04.3
  ceph-common                     10.2.11-0ubuntu0.16.04.3

In general, a standard system update will make all the necessary changes.
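
A fleet check for the fixed versions listed above, as an added example that is not part of the advisory: it reads `dpkg-query -W` output collected from hosts and flags Ceph packages older than the fixed versions, using Debian version ordering instead of string comparison. The function names and the sample package list are constructed for illustration.

```python
import re

# Fixed versions copied from the advisory's update instructions, keyed by release.
_B, _X = "12.2.13-0ubuntu0.18.04.4", "10.2.11-0ubuntu0.16.04.3"
FIXED = {"18.04": {"ceph": _B, "ceph-base": _B, "ceph-common": _B},
         "16.04": {"ceph": _X, "ceph-common": _X}}

def _weight(c):
    # Debian ordering: '~' < end of string (0) < letters < other characters.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _chunk(s):
    # Split off one non-digit run and one digit run; return a sortable key and the rest.
    nondigit, digits, rest = re.match(r"(\D*)(\d*)(.*)", s).groups()
    return ([_weight(c) for c in nondigit] + [0], int(digits or 0)), rest

def _cmp_part(a, b):
    while a or b:
        ka, a = _chunk(a)
        kb, b = _chunk(b)
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch ends at the first ':', revision starts at the last '-'.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    """Return -1, 0 or 1 as Debian version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(release, dpkg_lines):
    """Map package -> installed version for packages below the fixed version."""
    stale = {}
    for line in dpkg_lines:
        fields = line.split()
        pkg = fields[0].split(":")[0] if len(fields) == 2 else None  # drop ":arch"
        if pkg in FIXED[release] and deb_cmp(fields[1], FIXED[release][pkg]) < 0:
            stale[pkg] = fields[1]
    return stale

# Constructed sample of `dpkg-query -W` output from one 18.04 host.
SAMPLE = "ceph\t12.2.13-0ubuntu0.18.04.2\nceph-base\t12.2.13-0ubuntu0.18.04.4\n" \
         "ceph-common\t12.2.12-0ubuntu0.18.04.5\nopenssl\t1.1.1-1ubuntu2.1~18.04.6\n"
if __name__ == "__main__":
    print(audit("18.04", SAMPLE.splitlines()))
```

On a single host, `dpkg --compare-versions` performs the same comparison directly.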

References

https://ubuntu.com/security/notices/USN-4528-1

CVE-2020-10753, CVE-2020-12059, CVE-2020-1760

Severity
critical