On 7/27/22 09:13, Thomas Goirand wrote:
On 7/26/22 13:16, Moritz Mühlenhoff wrote:
Source: ceph
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ceph.
CVE-2022-0670[0]:
| A flaw was found in Openstack manilla owning a Ceph File system
| "share", which enables the owner to read/write any manilla share or
| entire file system. The vulnerability is due to a bug in the "volumes"
| plugin in Ceph Manager. This allows an attacker to compromise
| Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and
| Ceph 17.2.2.
https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-0670
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0670
Please adjust the affected versions in the BTS as needed.
Hi Moritz,
If I'm not mistaken, this security hole is only in the 16.2.x series of
Ceph, right? I'll upgrade to 16.2.10 immediately. Please let me know
about Ceph in Bullseye.
Cheers,
Thomas Goirand (zigo)
Oh... now I have the problem that Ceph FTBFS with GCC 12... :/
I'll let you know when I can get this fixed.
Cheers,
Thomas Goirand (zigo)