Branch sisyphus update bulletin.

Package ceph updated to version 0.94.4-alt1 for branch sisyphus in task 151896.

Published: 2015-12-03
Modified: 2024-11-21

CVE-2015-5245

CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.

Severity: MEDIUM (4.3)

References:

[Ceph-announce] 20151019 v0.94.4 Hammer released
[Ceph-announce] 20151019 v0.94.4 Hammer released
http://tracker.ceph.com/issues/12537
http://tracker.ceph.com/issues/12537
RHSA-2015:2512
RHSA-2015:2512

Published: 2018-07-31
Modified: 2024-11-21

CVE-2016-8626

A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

RHSA-2016:2815
RHSA-2016:2815
RHSA-2016:2816
RHSA-2016:2816
RHSA-2016:2847
RHSA-2016:2847
RHSA-2016:2848
RHSA-2016:2848
http://tracker.ceph.com/issues/17635
http://tracker.ceph.com/issues/17635
94488
94488
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626

Version: 2.1.0

Branch sisyphus update on 2015-10-21

ALT-BU-2015-2699-1

ALT-PU-2015-1896-1

Closed vulnerabilities

CVE-2015-5245

CVE-2016-8626