Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.133 fixes various security issues The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2025-21738: ata: libata-sff: ensure that we cannot write...

DLA-4460-1 ceph - security update

Bulletin has no description...

CVE-2025-52555

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is tha...

CVE-2022-50059

In the Linux kernel, the following vulnerability has been resolved: ceph: don't leak snaprwsem in handlecapgrant When handlecapgrant is called on an IMPORT op, then the snaprwsem is held and the function is expected to release it before returning. It currently fails to do that in all cases which...

CVE-2022-49770

In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'firstrealm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random...

CVE-2025-22002 netfs: Call `invalidate_cache` only if implemented

In the Linux kernel, the following vulnerability has been resolved: netfs: Call invalidatecache only if implemented Many filesystems such as NFS and Ceph do not implement the invalidatecache method. On those filesystems, if writing to the cache NETFSWRITETOCACHE fails for some reason, the kernel...

Azure Linux 3.0 Security Update: ceph (CVE-2022-3854)

The version of ceph installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3854 advisory. - A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL...

CVE-2024-56563

In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in cephmdscheckaccess getcurrentcred increments the reference counter, but the putcred call was missing...

[SECURITY] [DSA 5825-1] ceph security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5825-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 06, 2024 https://www.debian.org/security/faq -...

OESA-2024-2373 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW...

RHSA-2016:1384 Red Hat Security Advisory: ceph security update

Bulletin has no description...

OPENSUSE-SU-2024:12662-1 ceph-16.2.11.58+g38d6afd3b78-1.1 on GA media

These are all security issues fixed in the ceph-16.2.11.58+g38d6afd3b78-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE-SU-2023:1581-2 Security update for ceph

This update for ceph fixes the following issues: Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file system bsc1201837. - CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root bsc1204430. - CVE-2022-3854: Fixed possible Do...

SUSE-SU-2023:1584-1 Security update for ceph

This update for ceph fixes the following issues: Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file system bsc1201837. - CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root bsc1204430. - CVE-2022-3854: Fixed possible Do...

SUSE-SU-2023:1581-1 Security update for ceph

This update for ceph fixes the following issues: Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file system bsc1201837. - CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root bsc1204430. - CVE-2022-3854: Fixed possible Do...

SUSE-SU-2023:1580-1 Security update for ceph

This update for ceph fixes the following issues: Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file system bsc1201837. - CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root bsc1204430. - CVE-2022-3854: Fixed possible Do...

SUSE-SU-2022:4501-1 Security update for ceph

This update for ceph fixes the following issues: ceph was updated to the Pacific release 16.2.9-536-g41a9f9a5573: + bsc1195359, bsc1200553 rgw: check bucket shard init status in RGWRadosBILogTrimCR + bsc1194131 ceph-volume: honour osddmcryptkeysize option CVE-2021-3979 + bsc1200064, Remove last...

SUSE-SU-2022:2818-1 Security update for ceph

This update for ceph fixes the following issues: - Update to 16.2.9-536-g41a9f9a5573: + bsc1195359, bsc1200553 rgw: check bucket shard init status in RGWRadosBILogTrimCR + bsc1194131 ceph-volume: honour osddmcryptkeysize option CVE-2021-3979 - Update to 16.2.9-158-gd93952c7eea: + cmake: check for...

OPENSUSE-SU-2021:0833-1 Security update for ceph

This update for ceph fixes the following issues: - Update to 15.2.12-83-g528da226523: - CVE-2021-3509 fix cookie injection issue bsc1186021 - CVE-2021-3531 RGWSwiftWebsiteHandler::iswebdir checks empty subdirname bsc1186020 - CVE-2021-3524 sanitize \r in s3 CORSConfiguration’s ExposeHeader...

SUSE-SU-2021:1835-1 Security update for ceph

This update for ceph fixes the following issues: - Update to 15.2.12-83-g528da226523: - CVE-2021-3509 fix cookie injection issue bsc1186021 - CVE-2021-3531 RGWSwiftWebsiteHandler::iswebdir checks empty subdirname bsc1186020 - CVE-2021-3524 sanitize \r in s3 CORSConfiguration’s ExposeHeader...