Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Ubuntu 21.04 Security Advisory USN-5128-1: Ceph Flaws and Threats

ubuntu
Calendar Grey November 1, 2021
Dist Ubuntu Esm H88
This notification outlines various vulnerabilities associated with Ceph on Ubuntu versions 18.04 and 21.04, providing instructions for necessary patches to reduce exposure to threats.
Several security issues were fixed in Ceph.

Summary

Several security issues were fixed in Ceph.

Software Description:

- ceph: distributed storage and file system

Details:

Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user

credentials in Ceph could be manipulated in certain environments. An

attacker could use this to gain unintended access to resources. This issue

only affected Ubuntu 18.04 LTS. (CVE-2020-27781)

It was discovered that Ceph contained an authentication flaw, leading to

key reuse. An attacker could use this to cause a denial of service or

possibly impersonate another user. This issue only affected Ubuntu 21.04.

(CVE-2021-20288)

Sergey Bobrov discovered that the Ceph dashboard was susceptible to a

cross-site scripting attack. An attacker could use this to expose sensitive

information or gain unintended access. This issue only affected Ubuntu

21.04. (CVE-2021-3509)

Sergey Bobrov discovered that Ceph's RadosGW (Ceph Object Gateway) allowed

the injection of HTTP headers in ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  ceph                            16.2.6-0ubuntu0.21.04.2
  ceph-base                       16.2.6-0ubuntu0.21.04.2
  ceph-common                     16.2.6-0ubuntu0.21.04.2

Ubuntu 18.04 LTS:
  ceph                            12.2.13-0ubuntu0.18.04.10
  ceph-base                       12.2.13-0ubuntu0.18.04.10
  ceph-common                     12.2.13-0ubuntu0.18.04.10

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5128-1

CVE-2020-27781, CVE-2021-20288, CVE-2021-3509, CVE-2021-3524,

CVE-2021-3531

Severity
critical
Lowest
Low
Medium
High
Critical

November 01, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.