FS#70450 - [ceph] [Security] insufficient validation (CVE-2021-20288)
Attached to Project: Community Packages
Opened by Andrea Denisse Gómez-Martínez (denisse) - Wednesday, 14 April 2021, 20:23 GMT
Last edited by Thore Bödecker (foxxx0) - Sunday, 16 May 2021, 18:13 GMT
Details
Summary
=======
The package ceph is vulnerable to insufficient validation via CVE-2021-20288.

Guidance
========
Apply the packages that were published upstream.

References
==========
https://security.archlinux.org/AVG-1826
https://www.openwall.com/lists/oss-security/2021/04/14/2
https://github.com/ceph/ceph/commit/f3a4166379b12d4a7bba667fe761e5b660552db1
https://github.com/ceph/ceph/commit/1f57617d5edb45a8a696eac7c910e8fc44c934a3
https://github.com/ceph/ceph/commit/9f3efe7cd1a780b91e5c8cfee192a0c51d0151dc
Closed by Thore Bödecker (foxxx0)
Sunday, 16 May 2021, 18:13 GMT
Reason for closing: Fixed
Additional comments about closing: 15.2.12 packages are now available in our repo
Comment by Jonas Witschel (diabonas) - Friday, 14 May 2021, 19:39 GMT
Ceph is vulnerable to three further security issues
(CVE-2021-3509, CVE-2021-3524, CVE-2021-3531). All issues,
including CVE-2021-20288, are fixed by upgrading Ceph to the
latest version 5.2.12
(https://github.com/ceph/ceph/releases/tag/v15.2.12).