18 matches found
SUSE: Security Advisory (SUSE-SU-2020:3459-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:3473-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-4706-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4706-1 ceph vulnerabilities
Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. CVE-2020-10736 Adam Mohammed found...
USN-4706-1: Ceph vulnerabilities
Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. CVE-2020-10736 Adam Mohammed found...
Important: Red Hat Security Advisory: Red Hat Ceph Storage 4.2 Security and Bug Fix update
An update is now available for Red Hat Ceph Storage 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...
RHEL 7 / 8 : Red Hat Ceph Storage 4.2 Security and Bug Fix update (Important) (RHSA-2021:0081)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0081 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2020:3459-1)
This update for ceph fixes the following issues : CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. Major batch refactor of ceph-volume that addresses a couple of issues bsc1151612, bsc1158257 Documented Prometheus' security model bsc1169134 monclient: Fixed an issue where...
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2020:3473-1)
This update for ceph fixes the following issues : CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. Added --container-init feature bsc1177319, bsc1163764 Made journald as the logdriver again bsc1177933 Fixes a condition check for copytree, copyfiles, and movefiles in cephadm...
Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 4.1 security and bug fix update
An update is now available for Red Hat Ceph Storage 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
RHEL 7 / 8 : Red Hat Ceph Storage 4.1 (RHSA-2020:5325)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5325 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with...
openSUSE Security Update : ceph (openSUSE-2020-2057)
This update for ceph fixes the following issues : - CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. - Major batch refactor of ceph-volume that addresses a couple of issues bsc1151612, bsc1158257 - Documented Prometheus' security model bsc1169134 - monclient: Fixed an issue...
OPENSUSE-SU-2020:2082-1 Security update for ceph
This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. - Added --container-init feature bsc1177319, bsc1163764 - Made journald as the logdriver again bsc1177933 - Fixes a condition check for copytree, copyfiles, and movefiles in...
SUSE-SU-2020:3539-1 Security update for ceph
This update for ceph fixes the following issues: Security issue fixed: - CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. - mgr/dashboard: Fix for CrushMap viewer items getting compressed vertically bsc1170200 - mon: have 'mon stat' output json as well bsc1174466 -...
[ASA-202011-22] ceph: multiple issues
Arch Linux Security Advisory ASA-202011-22 ========================================== Severity: High Date : 2020-11-26 CVE-ID : CVE-2020-1759 CVE-2020-1760 CVE-2020-10753 CVE-2020-25660 Package : ceph Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1195 Summary =====...
CVE-2020-25660
The CVE-2020-25660 issue affects Cephx authentication in Ceph versions before 15.2.6 and before 14.2.14, where client verification can be bypassed, enabling replay attacks over the msgr2 protocol (affecting most Ceph communications; msgr1 is unaffected). An attacker with cluster-network access co...
CVE-2020-25660
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the...
CVE-2020-25660
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the...