Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

Ubuntu 23.10 USN-6613-1 Moderate: Ceph Authorization Bypass

ubuntu
Calendar Grey January 29, 2024
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-6614-1 reveals essential patches for a Kubernetes vulnerability affecting multiple Ubuntu versions, enhancing system integrity and security.
Ceph could be made to bypass authorization checks if it received a specially crafted request.

Summary

Ceph could be made to bypass authorization checks if it received a

specially crafted request.

Software Description:

- ceph: distributed storage and file system

Details:

Lucas Henry discovered that Ceph incorrectly handled specially

crafted POST requests. An uprivileged user could use this to

bypass Ceph's authorization checks and upload a file to any bucket.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   ceph                            18.2.0-0ubuntu3.1
   ceph-base                       18.2.0-0ubuntu3.1
   ceph-common                     18.2.0-0ubuntu3.1

Ubuntu 22.04 LTS:
   ceph                            17.2.6-0ubuntu0.22.04.3
   ceph-base                       17.2.6-0ubuntu0.22.04.3
   ceph-common                     17.2.6-0ubuntu0.22.04.3

Ubuntu 20.04 LTS:
   ceph                            15.2.17-0ubuntu0.20.04.6
   ceph-base                       15.2.17-0ubuntu0.20.04.6
   ceph-common                     15.2.17-0ubuntu0.20.04.6

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   ceph                            12.2.13-0ubuntu0.18.04.11+esm1
   ceph-base                       12.2.13-0ubuntu0.18.04.11+esm1
   ceph-common                     12.2.13-0ubuntu0.18.04.11+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   ceph                            10.2.11-0ubuntu0.16.04.3+esm1
   ceph-common                     10.2.11-0ubuntu0.16.04.3+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   ceph                            0.80.11-0ubuntu1.14.04.4+esm2
   ceph-common                     0.80.11-0ubuntu1.14.04.4+esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6613-1

CVE-2023-43040

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6613-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.