lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 13 Nov 2018 21:48:36 +0000
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4339-1] ceph security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4339-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 13, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ceph
CVE ID         : CVE-2017-7519 CVE-2018-1086 CVE-2018-1128 CVE-2018-1129

Multiple vulnerabilities were discovered in Ceph, a distributed storage
and file system: The cephx authentication protocol was suspectible to
replay attacks and calculated signatures incorrectly, "ceph mon" did not
validate capabilities for pool operations (resulting in potential
corruption or deletion of snapshot images) and a format string
vulnerability in libradosstriper could result in denial of service.

For the stable distribution (stretch), these problems have been fixed in
version 10.2.11-1.

We recommend that you upgrade your ceph packages.

For the detailed security status of ceph please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ceph

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvrRh8ACgkQEMKTtsN8
TjZEMQ//Q+eJMDB8yf5vNc8V7ilNffYAWjhAH17XqhRnS67I1WeH5vfypdN9XGNa
tipNdP33uFt9NuUl2+bP7KBV3G/Ie/SaFibERmBVg+WRV7y0mwBKt5F8WA9JFelH
lHBSBK0v0e9qK9eM96sOZx3QpTU1wxdDGPzgqiUeb6aosIx0J3cvjvwt/+co1y4n
7EFwG+Ujro5UBC8XzrDIxoCJas2FKFzcPVyKvRQvrY9Iz8RJ3FdomAkzSXwQLGGP
CRIX4GVN77t2NFhgvZk0C6/YL6JvBjdKcXb9KoOQSUWvh+dIlvIaV4xk2CBNIi/y
Fy+o3tG/0YIIjTsDkEdrBykRsaJnZUA4r4ws7gstbXPhBrISXliI75yIro47Smh+
TOW94uY3cVl4b6LdOeIlmNIJ3T1ck8QJ28ZAoWW/zFBJIlTqVqiOCOU1veTZkLI3
ScwQBDvUlrP2AppH51D/VHzsEcVCekRQsXKWaV9mlHr+Q37QJUXwsGjHNHgGG1GW
cGhOm5Mjwq7bMsBIJxjeu3LVUig3++D+MGwkCdr0lOdIqbe7qhuZzkJj69S1baVm
YxHUbVqtBBEKORYH7ItMQoQ9NRzTdpwm48nhH7VHnibD8jFZ9o0VEWYupf1DEHkM
8n/nnbaE1KhptV5Q37z3jkhOFR+99XrMV9BJUkzqxKPFXy2m1qo=
=Sruu
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ