75 matches found
PT-2021-5763
Name of the Vulnerable Software and Affected Versions ceph versions prior to 14.2.20 Description The issue is related to a flaw in the authentication procedure of the ceph storage network, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and caus...
SUSE-SU-2019:1287-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS - CVE-2018-12127:...
Updated kernel-tmb packages fixes security vulnerabilities
This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...
Privilege Escalation
cephx is vulnerable to privilege escalation attacks. This is because cephx authentication protocol does not verify ceph clients correctly. An attacker who has access to the ceph cluster network is able to sniff packets on the network...
Authentication Bypass
cephx protocol is vulnerable to authentication bypass attacks. This is because the way signature calculation was handled by cephx authentication protocol. An attacker who has access to ceph cluster network is able to alter the message payload which leads to bypass signature checks done by cephx...
openSUSE Security Update : ceph (openSUSE-2019-1284)
This update for ceph version 13.2.4 fixes the following issues : Security issues fixed : - CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety bsc1111177 - CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon bsc1099162 - CVE-2018-1128: Fixed signature check bypass i...
Security update for ceph (moderate)
openSUSE Security Update: Security update for ceph Announcement ID: openSUSE-SU-2019:1284-1 Rating: moderate References: 1084645 1086613 1096748 1099162 1101262 1111177 1114567 1114710 Cross-References: CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 CVE-2018-14662 CVE-2018-16846 Affected Products:...
[SECURITY] [DLA 1715-1] linux-4.9 security update
Package : linux-4.9 Version : 4.9.144-3.1deb8u1 CVE ID : CVE-2017-18249 CVE-2018-1128 CVE-2018-1129 CVE-2018-3639 CVE-2018-5391 CVE-2018-5848 CVE-2018-6554 CVE-2018-12896 CVE-2018-13053 CVE-2018-13096 CVE-2018-13097 CVE-2018-13100 CVE-2018-13406 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612...
MGASA-2019-0098 Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the...
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2980-1)
The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-14617: Prevent NULL pointer dereference and panic in hfspluslookup when opening a file that is purportedly a hard link in an hfs+ filesystem that has malform...
MGASA-2018-0487 Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.89 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the Intel...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.89 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the Intel...
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-13093: Prevent NULL pointer dereference and panic in lookupslow on a NULL inode-iops pointer when doing pathwalks on a corrupted xfs image. Th...
SUSE-SU-2018:2193-1 Security update for ceph
This update for ceph fixes the following issues: - Update to version 12.2.7-420-gc0ef85b854: https://ceph.com/releases/12-2-7-luminous-released/ luminous: osd: eternal stuck PG in 'unfoundrecovery' bsc1094932 bluestore: db.slow used when db is not full bsc1092874 CVE-2018-10861: Ensure that...
Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update
An update for ceph is now available for Red Hat Ceph Storage 2.5 for Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 7 : Red Hat Ceph Storage 3.0 (RHSA-2018:2177)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2177 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...
Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 3.0 security and bug fix update
An update for ceph is now available for Red Hat Ceph Storage for Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
ceph: cephx protocol is vulnerable to replay attack
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to the ceph cluster network who is also able to sniff packets on the network can use this vulnerability to authenticate with ceph service and perfo...
ceph: cephx uses weak signatures
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network, who is able to alter the message payload, was able to bypass signature checks done by cephx protocol...