Ubuntu Security Update USN-7706-1: Ceph vulnerabilities

LinuxBot

Member
Joined
Apr 25, 2017
Messages
6,732
Reaction score
94
Credits
-1,257
It was discovered that Ceph incorrectly handled read-only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-14662) Sergey Bobrov discovered that Ceph’s RadosGW (Ceph Object Gateway) allowed the injection of HTTP headers in responses to CORS requests. An attacker could possibly use this issue to compromise system integrity. This issue only affected Ubuntu 16.04 LTS. (CVE-2021-3524)

Continue reading...
 


Follow Linux.org

Staff online

Members online


Latest posts

Top