Information on source package ceph

Available versions

ReleaseVersion
jessie0.80.7-2+deb8u6
stretch10.2.11-2+deb9u2
stretch (security)10.2.11-2+deb9u1
buster12.2.11+dfsg1-2.1
buster (security)12.2.11+dfsg1-2.1+deb10u1
bullseye14.2.21-1
bookworm16.2.11+ds-2
trixie16.2.11+ds-5
sid18.2.1+ds-5

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-43040fixedfixedfixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedImproperly verified POST keys
CVE-2022-3650fixedfixedfixedvulnerable (no DSA)fixedfixedfixedA privilege escalation flaw was found in Ceph. Ceph-crash.service allo ...
CVE-2022-0670fixedfixedfixedvulnerable (no DSA)fixedfixedfixedA flaw was found in Openstack manilla owning a Ceph File system "share ...
CVE-2021-20288vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedfixedAn authentication flaw was found in ceph in versions before 14.2.20. W ...
CVE-2021-3979vulnerable (no DSA)vulnerable (no DSA)fixedvulnerable (no DSA)fixedfixedfixedA key length flaw was found in Red Hat Ceph Storage. An attacker can e ...
CVE-2020-27781fixedvulnerable (no DSA, postponed)fixedfixedfixedfixedfixedUser credentials can be manipulated and stolen by Native CephFS consum ...
CVE-2020-25678vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedfixedA flaw was found in ceph in versions prior to 16.y.z where ceph stores ...
CVE-2018-16889fixedvulnerable (no DSA, postponed)fixedfixedfixedfixedfixedCeph does not properly sanitize encryption keys in debug logging for v ...
CVE-2018-10861vulnerable (no DSA)fixedfixedfixedfixedfixedfixedA flaw was found in the way ceph mon handles user requests. Any authen ...
CVE-2018-1129vulnerable (no DSA)fixedfixedfixedfixedfixedfixedA flaw was found in the way signature calculation was handled by cephx ...
CVE-2018-1128vulnerable (no DSA)fixedfixedfixedfixedfixedfixedIt was found that cephx authentication protocol did not verify ceph cl ...

Resolved issues

BugDescription
CVE-2022-3854A flaw was found in Ceph, relating to the URL processing on RGW backen ...
CVE-2021-3531A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...
CVE-2021-3524A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...
CVE-2021-3509A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...
CVE-2020-27839A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for ...
CVE-2020-25660A flaw was found in the Cephx authentication protocol in versions befo ...
CVE-2020-12059An issue was discovered in Ceph through 13.2.9. A POST request with an ...
CVE-2020-10753A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...
CVE-2020-10736An authorization bypass vulnerability was found in Ceph versions 15.2. ...
CVE-2020-1760A flaw was found in the Ceph Object Gateway, where it supports request ...
CVE-2020-1759A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Opensh ...
CVE-2020-1700A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...
CVE-2020-1699A path traversal flaw was found in the Ceph dashboard implemented in u ...
CVE-2019-19337A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph ...
CVE-2019-10222A flaw was found in the Ceph RGW configuration with Beast as the front ...
CVE-2019-3821A flaw was found in the way civetweb frontend was handling requests fo ...
CVE-2018-16846It was found in Ceph versions before 13.2.4 that authenticated ceph RG ...
CVE-2018-14662It was found Ceph versions before 13.2.4 that authenticated ceph users ...
CVE-2018-7262In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGW ...
CVE-2017-16818RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticate ...
CVE-2017-7519In Ceph, a format string flaw was found in the way libradosstriper par ...
CVE-2016-9579A flaw was found in the way Ceph Object Gateway would process cross-or ...
CVE-2016-8626A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object ...
CVE-2016-7031The RGW code in Ceph before 10.0.1, when authenticated-read ACL is app ...
CVE-2016-5009The handle_command function in mon/Monitor.cc in Ceph allows remote au ...
CVE-2015-5245CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw o ...

Security announcements

DSA / DLADescription
ELA-1000-1ceph - security update
DLA-3629-1ceph - security update
DLA-2735-1ceph - security update
ELA-471-1ceph - security update
DLA-2171-1ceph - security update
DLA-1696-1ceph - security update
DSA-4339-2ceph - regression update
DSA-4339-1ceph - security update

Search for package or bug name: Reporting problems