Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 20.04 LTS & 20.10: USN-4998-1 Critical: Ceph Security Issues

ubuntu
Calendar Grey June 24, 2021
Dist Ubuntu Esm H88
Essential patches for Ceph security flaws in Ubuntu tackling threats throughout various elements.
Several security issues were fixed in Ceph.

Summary

Several security issues were fixed in Ceph.

Software Description:

- ceph: distributed storage and file system

Details:

It was discovered that in some situations Ceph logged passwords from the

mgr module in clear text. An attacker could use this to expose sensitive

information. (CVE-2020-25678)

Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user

credentials in Ceph could be manipulated in certain environments. An

attacker could use this to gain unintended access. (CVE-2020-27781)

It was discovered that the Ceph dashboard was susceptible to a cross-site

scripting attack. An attacker could use this to expose sensitive

information or gain unintended access. (CVE-2020-27839)

It was discovered that Ceph contained an authentication flaw, leading to

key reuse. An attacker could use this to cause a denial of service or

possibly impersonate another user. (CVE-2021-20288)

Sergey Bobrov discovered that the Ceph dashboard was susceptible to a

cross-site scripting atta...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  ceph                            15.2.12-0ubuntu0.20.10.1
  ceph-base                       15.2.12-0ubuntu0.20.10.1
  ceph-common                     15.2.12-0ubuntu0.20.10.1
  ceph-mgr                        15.2.12-0ubuntu0.20.10.1
  ceph-mgr-cephadm                15.2.12-0ubuntu0.20.10.1
  ceph-mgr-dashboard              15.2.12-0ubuntu0.20.10.1
  ceph-mgr-diskprediction-cloud   15.2.12-0ubuntu0.20.10.1
  ceph-mgr-diskprediction-local   15.2.12-0ubuntu0.20.10.1
  ceph-mgr-k8sevents              15.2.12-0ubuntu0.20.10.1
  ceph-mgr-modules-core           15.2.12-0ubuntu0.20.10.1
  ceph-mgr-rook                   15.2.12-0ubuntu0.20.10.1
  cephadm                         15.2.12-0ubuntu0.20.10.1
  radosgw                         15.2.12-0ubuntu0.20.10.1

Ubuntu 20.04 LTS:
  ceph                            15.2.12-0ubuntu0.20.04.1
  ceph-base                       15.2.12-0ubuntu0.20.04.1
  ceph-common                     15.2.12-0ubuntu0.20.04.1
  ceph-mgr                        15.2.12-0ubuntu0.20.04.1
  ceph-mgr-cephadm                15.2.12-0ubuntu0.20.04.1
  ceph-mgr-dashboard              15.2.12-0ubuntu0.20.04.1
  ceph-mgr-diskprediction-cloud   15.2.12-0ubuntu0.20.04.1
  ceph-mgr-diskprediction-local   15.2.12-0ubuntu0.20.04.1
  ceph-mgr-k8sevents              15.2.12-0ubuntu0.20.04.1
  ceph-mgr-modules-core           15.2.12-0ubuntu0.20.04.1
  ceph-mgr-rook                   15.2.12-0ubuntu0.20.04.1
  cephadm                         15.2.12-0ubuntu0.20.04.1
  radosgw                         15.2.12-0ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4998-1

CVE-2020-25678, CVE-2020-27781, CVE-2020-27839, CVE-2021-20288,

CVE-2021-3509, CVE-2021-3524, CVE-2021-3531

Severity
critical
Lowest
Low
Medium
High
Critical

June 25, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here