Univention Bugzilla – Bug 53644
ceph: Multiple issues (4.4)
Last modified: 2021-08-11 16:48:34 CEST
New Debian ceph 10.2.11-2+deb9u1 fixes:

This update addresses the following issues:
* authenticated user with read only permissions can steal dm-crypt / LUKS key (CVE-2018-14662)
* ListBucket max-keys has no defined limit in the RGW codebase (CVE-2018-16846)
* header-splitting in RGW GetObject has a possible XSS (CVE-2020-1760)
* radosgw: HTTP header injection via CORS ExposeHeader tag (CVE-2020-10753)
* radosgw: CRLF injection (CVE-2021-3524)
--- mirror/ftp/4.3/unmaintained/4.3-3/source/ceph_10.2.11-2.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/ceph_10.2.11-2+deb9u1.dsc @@ -1,3 +1,30 @@ +10.2.11-2+deb9u1 [Tue, 10 Aug 2021 17:05:21 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2018-14662: + Authenticated ceph users with read only permissions could steal dm-crypt + encryption keys used in ceph disk encryption. + * Fix CVE-2018-16846: + Authenticated ceph RGW users can cause a denial of service against OMAPs + holding bucket indices. + * Fix CVE-2020-10753: + A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). + The vulnerability is related to the injection of HTTP headers via a CORS + ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS + configuration file generates a header injection in the response when the + CORS request is made. + * Fix CVE-2020-1760: + A flaw was found in the Ceph Object Gateway, where it supports request sent + by an anonymous user in Amazon S3. This flaw could lead to potential XSS + attacks due to the lack of proper neutralization of untrusted input. + * A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) + in versions before 14.2.21. The vulnerability is related to the injection of + HTTP headers via a CORS ExposeHeader tag. The newline character in the + ExposeHeader tag in the CORS configuration file generates a header injection + in the response when the CORS request is made. In addition, the prior bug fix + for CVE-2020-10753 did not account for the use of \r as a header separator, + thus a new flaw has been created. + 10.2.11-2 [Mon, 19 Nov 2018 21:29:23 +0100] Gaudenz Steinlin <gaudenz@debian.org>: [ James Page ] <http://piuparts.knut.univention.de/4.4-8/#7826395478664052246>
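Review bot: The last entry of the new 10.2.11-2+deb9u1 changelog block (the one starting "A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21") has no "Fix CVE-...:" heading, while the four entries above it each have one. The bug description lists CVE-2021-3524 (radosgw: CRLF injection) as fixed, and that is the only listed CVE the changelog never names, so anyone searching the changelog by CVE id will not find this entry. Suggest giving the entry its own "* Fix CVE-2021-3524:" line, assuming that is the CVE it covers. The "in versions before 14.2.21" wording also refers to a different version line than this 10.2.11 package; a short statement of what was changed in this package for the \r case would be clearer.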
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts common files remain after purge

[4.4-8] 7c2f4d6ebb Bug #53644: ceph 10.2.11-2+deb9u1
 doc/errata/staging/ceph.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1023>