Ubuntu Security Notice 6063-1 - Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that Ceph incorrectly handled the volumes plugin. An attacker could possibly use this issue to obtain access to any share. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
95dd03f74a9a721eed466e8920212bc9973fb3052f53fcc9554d358a668e9123==========================================================================
Ubuntu Security Notice USN-6063-1
May 09, 2023
ceph vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Ceph.
Software Description:
- ceph: distributed storage and file system
Details:
Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths.
An attacker could possibly use this issue to create non-random encryption
keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-3979)
It was discovered that Ceph incorrectly handled the volumes plugin. An
attacker could possibly use this issue to obtain access to any share. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-0670)
It was discovered that Ceph incorrectly handled crash dumps. A local
attacker could possibly use this issue to escalate privileges to root. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-3650)
It was discovered that Ceph incorrectly handled URL processing on RGW
backends. An attacker could possibly use this issue to cause RGW to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 22.10. (CVE-2022-3854)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
ceph 17.2.5-0ubuntu0.22.10.3
ceph-base 17.2.5-0ubuntu0.22.10.3
ceph-common 17.2.5-0ubuntu0.22.10.3
Ubuntu 22.04 LTS:
ceph 17.2.5-0ubuntu0.22.04.3
ceph-base 17.2.5-0ubuntu0.22.04.3
ceph-common 17.2.5-0ubuntu0.22.04.3
Ubuntu 20.04 LTS:
ceph 15.2.17-0ubuntu0.20.04.3
ceph-base 15.2.17-0ubuntu0.20.04.3
ceph-common 15.2.17-0ubuntu0.20.04.3
Ubuntu 18.04 LTS:
ceph 12.2.13-0ubuntu0.18.04.11
ceph-base 12.2.13-0ubuntu0.18.04.11
ceph-common 12.2.13-0ubuntu0.18.04.11
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6063-1
CVE-2021-3979, CVE-2022-0670, CVE-2022-3650, CVE-2022-3854
Package Information:
https://launchpad.net/ubuntu/+source/ceph/17.2.5-0ubuntu0.22.10.3
https://launchpad.net/ubuntu/+source/ceph/17.2.5-0ubuntu0.22.04.3
https://launchpad.net/ubuntu/+source/ceph/15.2.17-0ubuntu0.20.04.3
https://launchpad.net/ubuntu/+source/ceph/12.2.13-0ubuntu0.18.04.11
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed