[Git][security-tracker-team/security-tracker][master] More triage of current ceph issues

Stefano Rivera (@stefanor) stefanor at debian.org
Mon Jan 2 15:01:21 GMT 2023



Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c926fc4 by Stefano Rivera at 2023-01-02T10:55:47-04:00
More triage of current ceph issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13325,9 +13325,12 @@ CVE-2022-3855
 CVE-2022-3854 [possible DoS issue in ceph URL processing on RGW backends]
 	RESERVED
 	- ceph <unfixed> (bug #1027151)
+	[bullseye] - ceph <not-affected> (Vulnerable code added in Ceph 16.1)
+	[buster] - ceph <not-affected> (Vulnerable code added in Ceph 16.1)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139925
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1205025
 	NOTE: https://tracker.ceph.com/issues/55765
+	NOTE: https://github.com/ceph/ceph/pull/47025
 CVE-2022-44664
 	RESERVED
 CVE-2022-44663
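Review bot: The two added suite lines under CVE-2022-3854 justify `<not-affected>` with "Vulnerable code added in Ceph 16.1" but give no reference a later triager can check that boundary against. The new NOTE for pull/47025 is unlabelled, so it is not clear whether it is the introducing change or the fix. Since the entry still reads `- ceph <unfixed>`, label that NOTE with its role and add a separate NOTE pointing at the commit that introduced the code.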
@@ -17812,6 +17815,7 @@ CVE-2022-3650 [ceph-crash.service allows local ceph user to root exploit]
 	RESERVED
 	- ceph 16.2.10+ds-4 (bug #1024932)
 	[bullseye] - ceph <no-dsa> (Minor issue)
+	[buster] - ceph <not-affected> (ceph-crash service added in Ceph 14)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1
 	NOTE: https://tracker.ceph.com/issues/57967
 	NOTE: https://github.com/ceph/ceph/pull/48713
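Review bot: The reason on the added `[buster]` line for CVE-2022-3650, "ceph-crash service added in Ceph 14", records when the service appeared but not that it is absent from the buster package, which is what `<not-affected>` actually rests on. It is also phrased differently from the "Vulnerable code added in ..." wording this same commit uses for CVE-2022-3854. Consider wording such as "Vulnerable code not present, ceph-crash service added in Ceph 14", so the entry states the conclusion and not only the upstream history.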
@@ -68715,9 +68719,10 @@ CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schem
 CVE-2022-0670 (A flaw was found in Openstack manilla owning a Ceph File system "share ...)
 	- ceph 16.2.10+ds-1 (bug #1016069)
 	[bullseye] - ceph <no-dsa> (Minor issue)
-	[buster] - ceph <no-dsa> (Minor issue)
+	[buster] - ceph <not-affected> (The volumes manager module was added in Ceph 14)
 	NOTE: https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
 	NOTE: https://docs.ceph.com/en/latest/security/CVE-2022-0670/
+	NOTE: https://github.com/ceph/ceph/pull/47229
 CVE-2022-0669 (A flaw was found in dpdk. This flaw allows a malicious vhost-user mast ...)
 	{DSA-5130-1}
 	- dpdk 20.11.5-1 (bug #1010641)
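Review bot: The new NOTE for pull/47229 under CVE-2022-0670 is appended after the release-blog and advisory links with nothing to say what it is. With `- ceph 16.2.10+ds-1` already recorded as fixed, a reader cannot tell whether this PR is the fix that landed in that upload or a backport to another branch. Label the NOTE with its role. The same hunk changes `[buster]` from `<no-dsa>` to `<not-affected>`, and the new reason, "The volumes manager module was added in Ceph 14", would benefit from a reference confirming when the module was introduced.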



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c926fc4e91eed601cb8d6a4d062b3404f1a8e3f
