Several security issues were fixed in Ceph.
Software Description:
- ceph: distributed storage and file system
Details:
It was discovered that in some situations Ceph logged passwords from the
mgr module in clear text. An attacker could use this to expose sensitive
information. (CVE-2020-25678)
Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user
credentials in Ceph could be manipulated in certain environments. An
attacker could use this to gain unintended access. (CVE-2020-27781)
It was discovered that the Ceph dashboard was susceptible to a cross-site
scripting attack. An attacker could use this to expose sensitive
information or gain unintended access. (CVE-2020-27839)
It was discovered that Ceph contained an authentication flaw, leading to
key reuse. An attacker could use this to cause a denial of service or
possibly impersonate another user. (CVE-2021-20288)
Sergey Bobrov discovered that the Ceph dashboard was susceptible to a
cross-site scripting atta...
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: ceph 15.2.12-0ubuntu0.20.10.1 ceph-base 15.2.12-0ubuntu0.20.10.1 ceph-common 15.2.12-0ubuntu0.20.10.1 ceph-mgr 15.2.12-0ubuntu0.20.10.1 ceph-mgr-cephadm 15.2.12-0ubuntu0.20.10.1 ceph-mgr-dashboard 15.2.12-0ubuntu0.20.10.1 ceph-mgr-diskprediction-cloud 15.2.12-0ubuntu0.20.10.1 ceph-mgr-diskprediction-local 15.2.12-0ubuntu0.20.10.1 ceph-mgr-k8sevents 15.2.12-0ubuntu0.20.10.1 ceph-mgr-modules-core 15.2.12-0ubuntu0.20.10.1 ceph-mgr-rook 15.2.12-0ubuntu0.20.10.1 cephadm 15.2.12-0ubuntu0.20.10.1 radosgw 15.2.12-0ubuntu0.20.10.1 Ubuntu 20.04 LTS: ceph 15.2.12-0ubuntu0.20.04.1 ceph-base 15.2.12-0ubuntu0.20.04.1 ceph-common 15.2.12-0ubuntu0.20.04.1 ceph-mgr 15.2.12-0ubuntu0.20.04.1 ceph-mgr-cephadm 15.2.12-0ubuntu0.20.04.1 ceph-mgr-dashboard 15.2.12-0ubuntu0.20.04.1 ceph-mgr-diskprediction-cloud 15.2.12-0ubuntu0.20.04.1 ceph-mgr-diskprediction-local 15.2.12-0ubuntu0.20.04.1 ceph-mgr-k8sevents 15.2.12-0ubuntu0.20.04.1 ceph-mgr-modules-core 15.2.12-0ubuntu0.20.04.1 ceph-mgr-rook 15.2.12-0ubuntu0.20.04.1 cephadm 15.2.12-0ubuntu0.20.04.1 radosgw 15.2.12-0ubuntu0.20.04.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4998-1
CVE-2020-25678, CVE-2020-27781, CVE-2020-27839, CVE-2021-20288,
CVE-2021-3509, CVE-2021-3524, CVE-2021-3531
Get the latest Linux and open source security news straight to your inbox.