[SECURITY] [DLA 1696-1] ceph security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1696-1] ceph security update
From: Markus Koschany <apo@debian.org>
Date: Fri, 1 Mar 2019 18:52:22 +0100
Message-id: <[🔎] 939418a2-394b-0803-3d11-35d43a5a053f@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ceph
Version        : 0.80.7-2+deb8u3
CVE ID         : CVE-2018-14662 CVE-2018-16846
Debian Bug     : 921948 921947

Several vulnerabilities were discovered in Ceph, a distributed storage
and file system.

CVE-2018-14662

    It was found that authenticated ceph users with read only
    permissions could steal dm-crypt encryption keys used in ceph disk
    encryption.

CVE-2018-16846

    It was found that authenticated ceph RGW users can cause a denial of
    service against OMAPs holding bucket indices.

For Debian 8 "Jessie", these problems have been fixed in version
0.80.7-2+deb8u3.

We recommend that you upgrade your ceph packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlx5cVZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQLfA//Sxj8HS2+kxMBEzeZHEQ1jklRgVnwqY04KZ63JdCj2vz6ddSq1tGOHDvu
QrUl2eJa/qP7zkoDDCpkMTVPDJpMZzYrheKQh/xe0L8nQFb5UVAQEOnloU/rMzzH
XePSkQfzuhxdSNLUdv+PibgbYHYN7cZb7UMoF3en3sIsraxfbDZAEsMcGNaqzNIJ
eQLS21uimCw4yjNUQKi0zhb2kqeMmigZUfMvOMQp8w/mmDkCMU5q03p8Gh6R6T1D
G7RQF7HfAiizNK5GAPOB6rbmmjeugt8zMdRwF80UuJNA0XxNXW205bR5Q+YeQ1KM
kYzK2Lqb1UPjf7Tbag6exAtnUtOGfCUwC5W6kDo9prdhqZ5UcEYL64vTrfkq/onM
olQteTVuC6D0SRuGYtq0u74zRhQJFI0U1hsg1eG1Jg0LBbZ8apAJoZ5uKqZ+hf6B
N8M6KrXH2n1qAfBtB7IckoUMqduM1XiLz475JYZLAjxgNRGsozkr8HR8BeEuhwiR
jE/KDSHd1b9rAJNJtvCgtO3j3qKFEP78xzYvaYxxnG9wGWNCepMrNlhSRLEynsuO
fv02e6sZXAG76jCABTqZvS6Zi9nI47VWQE3I0XuhEvfRUgZQPCEKEjPNPQY+1l16
7SwvNp55qla784zxzEZLN+Jcbn/8GWBSz0VFcRsuWmRvHPMTdeU=
=pTXg
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1700-1] uw-imap security update
Next by Date: [SECURITY] [DLA 1701-1] openssl security update
Previous by thread: [SECURITY] [DLA 1700-1] uw-imap security update
Next by thread: [SECURITY] [DLA 1701-1] openssl security update
Index(es):
- Date
- Thread