FS#67047 - [security][ceph] CVE-2020-1759 CVE-2020-1760

Attached to Project: Community Packages
Opened by loqs (loqs) - Friday, 19 June 2020, 17:29 GMT
Last edited by Thore Bödecker (foxxx0) - Sunday, 22 November 2020, 16:30 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Levente Polyak (anthraxx)
Thore Bödecker (foxxx0)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
Ceph 14.2.9 [1] / 15.2.1 [2] release notes mention 14.2.8 was vulnerable to the CVEs in the title.

Additional info:
* ceph 14.2.8-1
[1] https://ceph.readthedocs.io/en/latest/releases/nautilus/#v14-2-9-nautilus
[2] https://ceph.readthedocs.io/en/latest/releases/octopus/#v15-2-1-octopus

Closed by Thore Bödecker (foxxx0)
Sunday, 22 November 2020, 16:30 GMT
Reason for closing: Fixed
Additional comments about closing: fixed as of ceph-15.2.6-1
Comment by loqs (loqs) - Friday, 23 October 2020, 08:11 GMT
Mostly the same changes as in FS#68387, updated to 14.2.11.
Additionally update fix-mgr-dashboard-frontend-unittests-dist-stuff.patch.
Add -DWITH_RADOSGW_KAFKA_ENDPOINT=OFF, otherwise a test will fail even though autodetection correctly detects the package is not present.
Comment by loqs (loqs) - Tuesday, 27 October 2020, 06:33 GMT
Updated to 14.2.12. Required adjusting fix-mgr-dashboard-frontend-unittests-dist-stuff.patch and use-system-zstd-and-fix-zstd-1.4.0-compatbility.patch.
598c37296c944a056e4cd90e9f73c9e2fa6552fc.patch and 84f629e1b1c8b336b9ce6bcc2466010045e68e7e.patch were no longer needed as applied upstream.

Still working on 15.2.5, see [1].

[1] https://bbs.archlinux.org/viewtopic.php?id=259163
