Package ceph updated to version 12.2.12-alt0.M80P.1 for branch p8 in task 227365.

Published: 2019-01-07

BDU:2020-01537

Уязвимость системы хранения данных Ceph, связанная с ошибкой процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к ключам шифрования dm-crypt

Severity: MEDIUM (5.7) Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2018-14662

Published: 2019-01-07

BDU:2020-01538

Уязвимость системы хранения данных Ceph, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2018-16846

Published: 2019-01-16
Modified: 2024-11-21

CVE-2018-14662

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

Severity: MEDIUM (5.7) Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2019-01-15
Modified: 2024-11-21

CVE-2018-16846

It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2019-01-28
Modified: 2024-11-21

CVE-2018-16889

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Version: 2.1.0

Package ceph update in p8 on 2019-04-22

ALT-PU-2019-1711-1

Closed vulnerabilities

BDU:2020-01537

BDU:2020-01538

CVE-2018-14662

CVE-2018-16846

CVE-2018-16889