Information on source package ceph

Available versions

ReleaseVersion
jessie0.80.7-2+deb8u2
jessie (security)0.80.7-2+deb8u3
stretch (security)10.2.11-2
buster12.2.11+dfsg1-2.1
bullseye12.2.11+dfsg1-2.1
sid12.2.11+dfsg1-2.1

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2019-10222fixedfixedvulnerable (no DSA)vulnerablevulnerableunauthenticated clients can crash RGW
CVE-2018-16889fixedvulnerable (no DSA, postponed)fixedfixedfixedCeph does not properly sanitize encryption keys in debug logging for v ...
CVE-2018-16846fixedvulnerablefixedfixedfixedIt was found in Ceph versions before 13.2.4 that authenticated ceph RG ...
CVE-2018-14662fixedvulnerablefixedfixedfixedIt was found Ceph versions before 13.2.4 that authenticated ceph users ...
CVE-2018-1129vulnerable (no DSA)fixedfixedfixedfixedA flaw was found in the way signature calculation was handled by cephx ...
CVE-2018-1128vulnerable (no DSA)fixedfixedfixedfixedIt was found that cephx authentication protocol did not verify ceph cl ...
CVE-2018-10861vulnerable (no DSA)fixedfixedfixedfixedA flaw was found in the way ceph mon handles user requests. Any authen ...

Resolved issues

BugDescription
CVE-2019-3821A flaw was found in the way civetweb frontend was handling requests fo ...
CVE-2018-7262In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGW ...
CVE-2017-7519In Ceph, a format string flaw was found in the way libradosstriper par ...
CVE-2017-16818RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticate ...
CVE-2016-9579A flaw was found in the way Ceph Object Gateway would process cross-or ...
CVE-2016-8626A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object ...
CVE-2016-7031The RGW code in Ceph before 10.0.1, when authenticated-read ACL is app ...
CVE-2016-5009The handle_command function in mon/Monitor.cc in Ceph allows remote au ...
CVE-2015-5245CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw o ...

Security announcements

DSA / DLADescription
DLA-1696-1ceph - security update
DSA-4339-2ceph - regression update
DSA-4339-1ceph - security update

Search for package or bug name: Reporting problems