[Git][security-tracker-team/security-tracker][master] More triage of current ceph issues
Stefano Rivera (@stefanor)
stefanor at debian.org
Mon Jan 2 15:01:21 GMT 2023
Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c926fc4 by Stefano Rivera at 2023-01-02T10:55:47-04:00
More triage of current ceph issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13325,9 +13325,12 @@ CVE-2022-3855
CVE-2022-3854 [possible DoS issue in ceph URL processing on RGW backends]
RESERVED
- ceph <unfixed> (bug #1027151)
+ [bullseye] - ceph <not-affected> (Vulnerable code added in Ceph 16.1)
+ [buster] - ceph <not-affected> (Vulnerable code added in Ceph 16.1)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139925
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1205025
NOTE: https://tracker.ceph.com/issues/55765
+ NOTE: https://github.com/ceph/ceph/pull/47025
CVE-2022-44664
RESERVED
CVE-2022-44663
@@ -17812,6 +17815,7 @@ CVE-2022-3650 [ceph-crash.service allows local ceph user to root exploit]
RESERVED
- ceph 16.2.10+ds-4 (bug #1024932)
[bullseye] - ceph <no-dsa> (Minor issue)
+ [buster] - ceph <not-affected> (ceph-crash service added in Ceph 14)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1
NOTE: https://tracker.ceph.com/issues/57967
NOTE: https://github.com/ceph/ceph/pull/48713
@@ -68715,9 +68719,10 @@ CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schem
CVE-2022-0670 (A flaw was found in Openstack manilla owning a Ceph File system "share ...)
- ceph 16.2.10+ds-1 (bug #1016069)
[bullseye] - ceph <no-dsa> (Minor issue)
- [buster] - ceph <no-dsa> (Minor issue)
+ [buster] - ceph <not-affected> (The volumes manager module was added in Ceph 14)
NOTE: https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
NOTE: https://docs.ceph.com/en/latest/security/CVE-2022-0670/
+ NOTE: https://github.com/ceph/ceph/pull/47229
CVE-2022-0669 (A flaw was found in dpdk. This flaw allows a malicious vhost-user mast ...)
{DSA-5130-1}
- dpdk 20.11.5-1 (bug #1010641)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c926fc4e91eed601cb8d6a4d062b3404f1a8e3f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c926fc4e91eed601cb8d6a4d062b3404f1a8e3f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230102/fd9e7b54/attachment.htm>
More information about the debian-security-tracker-commits
mailing list