DSA-4339-2 ceph -- cephID: oval:org.secpod.oval:def:53465 | Date: (C)2019-06-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
The update for ceph issued as DSA-4339-1 caused a build regression for the i386 builds. Updated packages are now available to address this issue. For reference, the original advisory text follows. Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system: The cephx authentication protocol was susceptible to replay attacks and calculated signatures incorrectly, "ceph mon" did not validate capabilities for pool operations and a format string vulnerability in libradosstriper could result in denial of service.