Debian alert DLA-2171-1 (ceph)

From:
             
 
"Chris Lamb" <lamby@debian.org> 
To:
             
 
debian-lts-announce@lists.debian.org 
Subject:
             
 
[SECURITY] [DLA 2171-1] ceph security update 
Date:
             
 
Thu, 09 Apr 2020 12:29:20 +0100
Message-ID:
             
 
<d1608c85-e59a-4b70-a65f-0d95b544574e@sloti26t01>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : ceph
Version        : 0.80.7-2+deb8u4
CVE ID         : CVE-2020-1760
Debian Bug     : #956142

It was discovered that there was a header-splitting vulnerability
in ceph, a distributed storage and file system.

For Debian 8 "Jessie", this issue has been fixed in ceph version
0.80.7-2+deb8u4.

We recommend that you upgrade your ceph packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl6PBvYACgkQHpU+J9Qx
HljYFQ//YAajhagEYEj47BS1K/NCxOWxISvctIAM4kZyuoVgPZ/bRHR0tOe2+I25
l2A/YqO1LYhQvcz1EdYSlk2/dnCoOsWausm1riK8JTuzkfGDjj6OR7q5wWXY17mT
nuI5O8HGKpOKRxNbH5Cw5whgp4ZpnlK+kYjk4ODo/ibYA8jQWYLz/TXRzLpVZU+Q
cO4rlz/eG+4Y3tgW//zehQBsncKDSdyVSqNgcTfujWHrWUP7h86qyxLgJv+rXiwL
s6j7LGlMfFI10n7YEBxpDCO0quakN0LeYk+0W0D2bmWNHhlxLP83q92eAUOzJ6Cn
hhmtdEoUxHL+JlYl6NpDF7MHgGWYwWib2VVW9c9X9FLs5MI3ojgMfKmdRSiTnzOi
BK2vExiSvUG9ol73zl4GRp5tpGao1t2JxwifqFRA+q90A9JMp2YnacTlFPkfURug
3Y/0Nxyy6NZ8890q3rRYZsvvXFDS1LKyrYrsxIdWO3yTF1hvk8dTLAb7/+py6tNF
GoYOYD5nBSQXSqnPgX01McE/MKCsOPqux/+rqm9aQn+0t5teYj9c8ILPNWwodUFS
LCgJwKiAzkfHUNPTiEb63bdDTT+Xco5sEPkjSFH/80kNT7+d1hcCN3biDCRYt/bV
Xh44EnhjQ0k2eFKDlStWFjAtmq50hOGBvLNQ1jyLQZoX6ybEIyw=
=hECp
-----END PGP SIGNATURE-----