Download
| Alert*
|
oval:org.secpod.oval:def:89002952
librbd1 is installed oval:org.secpod.oval:def:89003088 This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-14662: mon: limit caps allowed to access the config store - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth ... oval:org.secpod.oval:def:89003176 This update for ceph to version 12.2.12-594-g02236657ca fixes the following issues: Security issues fixed: - CVE-2018-16889: Fixed missing sanitation of customer encryption keys from log output in v4 auth oval:org.secpod.oval:def:89050272 This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHX_V2 authorizer challenges . - Major batch refactor of ceph-volume that addresses a couple of issues - Documented Prometheus" security model - monclient: Fixed an issue where executing several ceph commands in a shor ... oval:org.secpod.oval:def:89050312 This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHX_V2 authorizer challenges . - Added --container-init feature - Made journald as the logdriver again - Fixes a condition check for copy_tree, copy_files, and move_files in cephadm - Fixed a bug where device_health_m ... oval:org.secpod.oval:def:89050751 This update for ceph fixes the following issues: Security issues fixed: - CVE-2019-3821: civetweb: fix file descriptor leak - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth Non-security issues fixed: - install grafana dashboards world readable - upgrade results ... oval:org.secpod.oval:def:89050759 This update for ceph version 13.2.4 fixes the following issues: Security issues fixed: - CVE-2018-14662: Fixed an issue with LUKS "config-key" safety - CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon - CVE-2018-1128: Fixed signature check bypass in cephx - CVE-2018-1129: ... oval:org.secpod.oval:def:89002960 This is a version update for ceph to version 12.2.13: Security issue fixed: - CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag . - Notable changes in this update for ceph: * mgr: telemetry: backported and now available on SES5.5. Please consider enabling via quot;ceph telemet ... oval:org.secpod.oval:def:89050255 This update for ceph fixes the following issues: - CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag . oval:org.secpod.oval:def:89050452 This update for ceph fixes the following issues: - CVE-2020-1759: Fixed once reuse in msgr V2 secure mode - CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting . oval:org.secpod.oval:def:89002962 This update for ceph fixes the following issues: - CVE-2020-12059: Fixed a denial of service caused by a specially crafted XML payload on POST requests . oval:org.secpod.oval:def:89002949 This update for ceph fixes the following issues: - CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting . oval:org.secpod.oval:def:89050356 This update for ceph fixes the following issues: - CVE-2020-1700: Fixed a denial of service against the RGW server via connection leakage . - CVE-2020-1699: Fixed a information disclosure by improper URL checking . oval:org.secpod.oval:def:89050850 This update for ceph fixes the following issues: Security issue fixed: - CVE-2019-10222: Fixed RGW crash via unauthenticated clients . oval:org.secpod.oval:def:89050536 This update for ceph, ceph-iscsi and ses-manual_en fixes the following issues: Security issues fixed: - CVE-2019-10222: Fixed RGW crash caused by unauthenticated clients. Non-security issues-fixed: - ceph-volume: prints errors to stdout with --format json - mgr/dashboard: Changing rgw-api-host doe ... oval:org.secpod.oval:def:89048052 This update for ceph fixes the following issues: ceph was updated to the Pacific release : + rgw: check bucket shard init status in RGWRadosBILogTrimCR + ceph-volume: honour osd_dmcrypt_key_size option + Remove last vestiges of docker.io image paths + cephadm: prometheus: The generatorURL in al ... oval:org.secpod.oval:def:3300643 SUSE Security Update: Security update for ceph oval:org.secpod.oval:def:89048658 This update for ceph fixes the following issues: Security issues fixed: * CVE-2022-0670: Fixed user/tenant read/write access to an entire file system . * CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root . * CVE-2022-3854: Fixed possible DoS issue in ceph URL pro ... oval:org.secpod.oval:def:89047789 This update for ceph fixes the following issues: - Update to 16.2.9-536-g41a9f9a5573: + rgw: check bucket shard init status in RGWRadosBILogTrimCR + ceph-volume: honour osd_dmcrypt_key_size option - Update to 16.2.9-158-gd93952c7eea: + cmake: check for python\. when building boost + make-dist: pa ... oval:org.secpod.oval:def:89044269 This update for ceph fixes the following issues: - ceph was updated to 14.2.20-402-g6aa76c6815: * CVE-2021-20288: Fixed unauthorized global_id reuse . * CVE-2020-25678: Do not add sensitive information in Ceph log files . * CVE-2020-27839: Use secure cookies to store JWT Token . * mgr/dashboard: pro ... oval:org.secpod.oval:def:89047254 This update for ceph fixes the following issues: - ceph was updated to 15.2.11-83-g8a15f484c2: * CVE-2021-20288: Fixed unauthorized global_id reuse . * disk gets replaced with no rocksdb/wal . * BlueStore handles huge writes from RocksDB to BlueFS poorly, potentially causing data corruption . oval:org.secpod.oval:def:89050428 This update for ceph fixes the following issues: Security issue fixed: - CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface . Non-security issues fixed: - Update to 15.2.8-80-g1f4b6229ca: + Rebase on tip of upstream "octopus" branch, SHA1 bdf3eebcd22d7d0b3dd4d55 ... oval:org.secpod.oval:def:89047173 This update for ceph fixes the following issues: - Update to 15.2.12-83-g528da226523: - fix cookie injection issue - RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name - sanitize \r in s3 CORSConfiguration's ExposeHeader oval:org.secpod.oval:def:1701873 A flaw was found in rgw. This flaw allows an unprivileged user to write to any bucket accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket acces ... |
