Debian Security Advisory 4339-1

Debian Security Advisory 4339-1: Posted Nov 15, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4339-1 - Multiple vulnerabilities were discovered in Ceph, a distributed storage replay attacks and calculated signatures incorrectly, "ceph mon" did not validate capabilities for pool operations (resulting in potential corruption or deletion of snapshot images) and a format string vulnerability in libradosstriper could result in denial of service.; tags | advisory, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2017-7519, CVE-2018-1086, CVE-2018-1128, CVE-2018-1129; SHA-256 | c7019432346c7f81c0a0665e9d626906d42c2b89e4a3f57a8aca378822cf9293; Download | Favorite | View

Debian Security Advisory 4339-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4339-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 13, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ceph
CVE ID         : CVE-2017-7519 CVE-2018-1086 CVE-2018-1128 CVE-2018-1129

Multiple vulnerabilities were discovered in Ceph, a distributed storage
and file system: The cephx authentication protocol was suspectible to
replay attacks and calculated signatures incorrectly, "ceph mon" did not
validate capabilities for pool operations (resulting in potential
corruption or deletion of snapshot images) and a format string
vulnerability in libradosstriper could result in denial of service.

For the stable distribution (stretch), these problems have been fixed in
version 10.2.11-1.

We recommend that you upgrade your ceph packages.

For the detailed security status of ceph please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ceph

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvrRh8ACgkQEMKTtsN8
TjZEMQ//Q+eJMDB8yf5vNc8V7ilNffYAWjhAH17XqhRnS67I1WeH5vfypdN9XGNa
tipNdP33uFt9NuUl2+bP7KBV3G/Ie/SaFibERmBVg+WRV7y0mwBKt5F8WA9JFelH
lHBSBK0v0e9qK9eM96sOZx3QpTU1wxdDGPzgqiUeb6aosIx0J3cvjvwt/+co1y4n
7EFwG+Ujro5UBC8XzrDIxoCJas2FKFzcPVyKvRQvrY9Iz8RJ3FdomAkzSXwQLGGP
CRIX4GVN77t2NFhgvZk0C6/YL6JvBjdKcXb9KoOQSUWvh+dIlvIaV4xk2CBNIi/y
Fy+o3tG/0YIIjTsDkEdrBykRsaJnZUA4r4ws7gstbXPhBrISXliI75yIro47Smh+
TOW94uY3cVl4b6LdOeIlmNIJ3T1ck8QJ28ZAoWW/zFBJIlTqVqiOCOU1veTZkLI3
ScwQBDvUlrP2AppH51D/VHzsEcVCekRQsXKWaV9mlHr+Q37QJUXwsGjHNHgGG1GW
cGhOm5Mjwq7bMsBIJxjeu3LVUig3++D+MGwkCdr0lOdIqbe7qhuZzkJj69S1baVm
YxHUbVqtBBEKORYH7ItMQoQ9NRzTdpwm48nhH7VHnibD8jFZ9o0VEWYupf1DEHkM
8n/nnbaE1KhptV5Q37z3jkhOFR+99XrMV9BJUkzqxKPFXy2m1qo=
=Sruu
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 4339-1

Debian Security Advisory 4339-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4339-1

Share This

Debian Security Advisory 4339-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems