========================================================================== Ubuntu Security Notice USN-6063-1 May 09, 2023 ceph vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Ceph. Software Description: - ceph: distributed storage and file system Details: Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3979) It was discovered that Ceph incorrectly handled the volumes plugin. An attacker could possibly use this issue to obtain access to any share. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-0670) It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-3650) It was discovered that Ceph incorrectly handled URL processing on RGW backends. An attacker could possibly use this issue to cause RGW to crash, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3854) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: ceph 17.2.5-0ubuntu0.22.10.3 ceph-base 17.2.5-0ubuntu0.22.10.3 ceph-common 17.2.5-0ubuntu0.22.10.3 Ubuntu 22.04 LTS: ceph 17.2.5-0ubuntu0.22.04.3 ceph-base 17.2.5-0ubuntu0.22.04.3 ceph-common 17.2.5-0ubuntu0.22.04.3 Ubuntu 20.04 LTS: ceph 15.2.17-0ubuntu0.20.04.3 ceph-base 15.2.17-0ubuntu0.20.04.3 ceph-common 15.2.17-0ubuntu0.20.04.3 Ubuntu 18.04 LTS: ceph 12.2.13-0ubuntu0.18.04.11 ceph-base 12.2.13-0ubuntu0.18.04.11 ceph-common 12.2.13-0ubuntu0.18.04.11 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6063-1 CVE-2021-3979, CVE-2022-0670, CVE-2022-3650, CVE-2022-3854 Package Information: https://launchpad.net/ubuntu/+source/ceph/17.2.5-0ubuntu0.22.10.3 https://launchpad.net/ubuntu/+source/ceph/17.2.5-0ubuntu0.22.04.3 https://launchpad.net/ubuntu/+source/ceph/15.2.17-0ubuntu0.20.04.3 https://launchpad.net/ubuntu/+source/ceph/12.2.13-0ubuntu0.18.04.11