Download
| Alert*
oval:org.secpod.oval:def:89003176
This update for ceph to version 12.2.12-594-g02236657ca fixes the following issues: Security issues fixed: - CVE-2018-16889: Fixed missing sanitation of customer encryption keys from log output in v4 auth oval:org.secpod.oval:def:89003088 This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-14662: mon: limit caps allowed to access the config store - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth ... oval:org.secpod.oval:def:116004 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. oval:org.secpod.oval:def:89050751 This update for ceph fixes the following issues: Security issues fixed: - CVE-2019-3821: civetweb: fix file descriptor leak - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth Non-security issues fixed: - install grafana dashboards world readable - upgrade results ... oval:org.secpod.oval:def:55664 ceph: distributed storage and file system Several security issues were fixed in Ceph. oval:org.secpod.oval:def:1900118 Ceph does not properly sanitize encryption keys in debug logging for v4auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. oval:org.secpod.oval:def:50979 Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. |