
Ubuntu alert USN-7706-1 (ceph)

From:  noreply+usn-bot@canonical.com
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-7706-1] Ceph vulnerabilities
Date:  Thu, 21 Aug 2025 05:13:16 +0000
Message-ID:  <E1uoxbw-0006QD-3Z@lists.ubuntu.com>

==========================================================================
Ubuntu Security Notice USN-7706-1
August 20, 2025

ceph vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Ceph.

Software Description:
- ceph: distributed storage and file system

Details:

It was discovered that Ceph incorrectly handled read-only permissions. An
authenticated attacker could use this issue to obtain dm-crypt encryption
keys. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-14662)

Sergey Bobrov discovered that Ceph’s RadosGW (Ceph Object Gateway) allowed
the injection of HTTP headers in responses to CORS requests. An attacker
could possibly use this issue to compromise system integrity. This issue
only affected Ubuntu 16.04 LTS. (CVE-2021-3524)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  ceph                            10.2.11-0ubuntu0.16.04.3+esm2
                                  Available with Ubuntu Pro
  ceph-common                     10.2.11-0ubuntu0.16.04.3+esm2
                                  Available with Ubuntu Pro
  radosgw                         10.2.11-0ubuntu0.16.04.3+esm2
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  ceph                            0.80.11-0ubuntu1.14.04.4+esm3
                                  Available with Ubuntu Pro
  ceph-common                     0.80.11-0ubuntu1.14.04.4+esm3
                                  Available with Ubuntu Pro
  radosgw                         0.80.11-0ubuntu1.14.04.4+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7706-1
  CVE-2018-14662, CVE-2021-3524



