Your message dated Wed, 27 Jul 2022 12:04:08 +0000
with message-id <e1ogflo-0003er...@fasolo.debian.org>
and subject line Bug#1016069: fixed in ceph 16.2.10+ds-1
has caused the Debian Bug report #1016069,
regarding ceph: CVE-2022-0670
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1016069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016069
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ceph
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ceph.
CVE-2022-0670[0]:
| A flaw was found in OpenStack Manila owning a Ceph File system
| "share", which enables the owner to read/write any Manila share or
| entire file system. The vulnerability is due to a bug in the "volumes"
| plugin in Ceph Manager. This allows an attacker to compromise
| Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and
| Ceph 17.2.2.
https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-0670
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0670
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: ceph
Source-Version: 16.2.10+ds-1
Done: Thomas Goirand <z...@debian.org>
We believe that the bug you reported is fixed in the latest version of
ceph, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1016...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated ceph package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 27 Jul 2022 09:30:47 +0200
Source: ceph
Architecture: source
Version: 16.2.10+ds-1
Distribution: unstable
Urgency: high
Maintainer: Ceph Packaging Team <team+c...@tracker.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Closes: 1016069
Changes:
ceph (16.2.10+ds-1) unstable; urgency=high
.
  * New upstream hotfix release:
    - CVE-2022-0670: Users who were running OpenStack Manila to export native
      CephFS, who upgraded their Ceph cluster from Nautilus (or earlier) to a
      later major version, were vulnerable to an attack by malicious users
      (Closes: #1016069).
    - A regression made it possible to dereference a null pointer for
      s3website requests that don’t refer to a bucket resulting in an RGW
      segfault.
  * Add fix-FTBFS-include-memory.h.patch to address FTBFS under GCC 12.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---