Univention Bugzilla – Full Text Bug Listing |
Summary: | ceph: Multiple issues (4.3) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.3 | ||
Target Milestone: | UCS 4.3-2-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 5.9 (CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L) |
Description
Quality Assurance
2018-11-19 12:47:48 CET
The i386 build failed for Debian: <https://packages.debian.org/stretch/ceph> --- mirror/ftp/4.3/unmaintained/4.3-0/source/ceph_10.2.5-7.2.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/ceph_10.2.11-2.dsc @@ -1,3 +1,32 @@ +10.2.11-2 [Mon, 19 Nov 2018 21:29:23 +0100] Gaudenz Steinlin <gaudenz@debian.org>: + + [ James Page ] + * [d34d35] Fix build on i386 (Closes: #913909) + +10.2.11-1 [Fri, 09 Nov 2018 14:45:23 +0100] Gaudenz Steinlin <gaudenz@debian.org>: + + * [1aebf9] New upstream version 10.2.11 + Fixes the following security vulnerabilities: + - CVE-2017-7519: libradosstripper printf format string injection + vulnerability + - CVE-2018-1128: The cephx authentication protocol was vulnerable to a + replay attack. + - CVE-2018-1129: Cephx signature calculation did not cover the whole message + being sent. This allowed an attacker to alter parts of the message. + - CVE-2018-1086: A flaw was found in the way ceph mon handles user requests. + Any authenticated ceph user having read access to ceph can delete, create + ceph storage pools and corrupt snapshot images. + * [20b8e7] Replace sleep-recover.patch by reconnect-after-mds-reset.patch + * [33f8d2] Remove CVE-2016-9597 patch applied upstream + * [a9c2ee] Remove disable-openssl-linking.patch fixed upstream + The upstream solution requires a build dependency on libssl-dev to be + able to look up the sonames. The resulting code is not linked against + libssl but can dlopen it at runtime. + * [edc23d] Remove osd-limit-omap-data-in-push-op.patch applied upstream + * [9dd30c] Remove rgw_rados-creation_time.patch applied upstream + * [fff91f] Refresh patches + * [c2925f] Update symbols for librbd1 (added in 10.2.6) + 10.2.5-7.2 [Wed, 07 Jun 2017 11:39:39 +0300] Adrian Bunk <bunk@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.3-2/#6273761613152912784> OK: yaml OK: announce_errata OK: patch ~OK: piuparts The failure ceph-base can be ignored: a conffile is missing after purging [4.3-2] e589ceb863 Bug #48179: ceph 10.2.11-2 doc/errata/staging/ceph.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) [4.3-2] 17f24c4cdb Bug #48179: ceph 10.2.11-2 doc/errata/staging/ceph.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) [4.3-2] a5c742d6b1 Bug #48179: ceph 10.2.11-1 doc/errata/staging/ceph.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) |