-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4339-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ceph Debian Bug : 913909 The update for ceph issued as DSA-4339-1 caused a build regression for the i386 builds. Updated packages are now available to address this issue. For reference, the original advisory text follows. Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system: The cephx authentication protocol was susceptible to replay attacks and calculated signatures incorrectly, "ceph mon" did not validate capabilities for pool operations (resulting in potential corruption or deletion of snapshot images) and a format string vulnerability in libradosstriper could result in denial of service. For the stable distribution (stretch), this problem has been fixed in version 10.2.11-2. We recommend that you upgrade your ceph packages. For the detailed security status of ceph please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ceph Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlv10tNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TnSg/9EWpuEYFq8CqFXFKz0GQ7pvOvJXZzg8VRRdGtSqil/yOGLkia7X0C4aox C8zF62JXyALlRjyR7ti2U9RD7E5D+r2jSWjaxHzbHTDYPMQI0U7bww1T2cdj9yze zYl1pebLvWwhnhRF9c1mG1g2CcxHtjU8zxGRKjsjupjF0v/bFL+IN1OcyjEeCVG5 yDwjU8h9ux3FbLxxSGHLl8Yzk/Q0WAOo2KcxIva/0mTZ5zDxwJlltbkw0pC8gcKd RQFU+J88oOUbNF4n2HxK3OATJhiOmrQ8xBy4E50AE7GuRDoJYcDfSmEkBVBwxOTN QmTNxyd/vooUkF6eXhJHJ45cm8QWALoYH4MzPVrBTYLx985WVQ2Q4pa1vv7hPfz6 kllnsJO9ZjyT4POvGihfR3W0y2Cb8tTe/x0WHci/0uTEBvnhAIrUpjfTO30ajGXe QitdTxZA955O/JtpdwyqRGywZXJyrtjJTqaZeQA1G2bKC9e6h19kwi2WX8qYXTdQ N3gK//BeWkaE6EylB6c6aionmN5AuVEd5jmZ+GO1BfOq3/oRSKfQcDJly6JG7UaM 0jpT85eIYiNQc6JvZ+78NwxrqVgAnKq8F7ejsT4FQyQkZxcjljyyix+y6iAPhAut bunmOl3Q/U8JE8FzDuJA/rKXhXdSGCUMytTwuXo1pLY+m5JBz/c= =UHIj -----END PGP SIGNATURE-----