Virtuozzo Hybrid Infrastructure 6.1 Hotfix 1 (6.1.0-247)

In this release, Virtuozzo Hybrid Infrastructure enables selective updates of specific Kubernetes node groups, as well as provides stability and performance improvements. Vulnerability id: VSTOR-83526 Cannot filter backup plans by using the "Disabled" status. Vulnerability id: VSTOR-83662 Added...

USN-4528-1: Ceph vulnerabilities

Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to preform an HTTP header injection attack. CVE-2020-10753 Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remo...

Ubuntu 16.04 LTS / 18.04 LTS : Ceph vulnerabilities (USN-4528-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4528-1 advisory. Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to...

CVE-2019-19337

A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server...

CVE-2019-19337

A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server...