Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in Ceph.
Software Description:
- ceph: distributed storage and file system
Details:
Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths.
An attacker could possibly use this issue to create non-random encryption
keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-3979)
It was discovered that Ceph incorrectly handled the volumes plugin. An
attacker could possibly use this issue to obtain access to any share. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-0670)
It was discovered that Ceph incorrectly handled crash dumps. A local
attacker could possibly use this issue to escalate privileges to root. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-3650)
It was discovered that Ceph incorrectly handled URL processing on RGW
backends. An attacker could possibly use this issue to cause RGW to cr...
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: ceph 17.2.5-0ubuntu0.22.10.3 ceph-base 17.2.5-0ubuntu0.22.10.3 ceph-common 17.2.5-0ubuntu0.22.10.3 Ubuntu 22.04 LTS: ceph 17.2.5-0ubuntu0.22.04.3 ceph-base 17.2.5-0ubuntu0.22.04.3 ceph-common 17.2.5-0ubuntu0.22.04.3 Ubuntu 20.04 LTS: ceph 15.2.17-0ubuntu0.20.04.3 ceph-base 15.2.17-0ubuntu0.20.04.3 ceph-common 15.2.17-0ubuntu0.20.04.3 Ubuntu 18.04 LTS: ceph 12.2.13-0ubuntu0.18.04.11 ceph-base 12.2.13-0ubuntu0.18.04.11 ceph-common 12.2.13-0ubuntu0.18.04.11 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6063-1
CVE-2021-3979, CVE-2022-0670, CVE-2022-3650, CVE-2022-3854
Get the latest Linux and open source security news straight to your inbox.