[ubuntu-cloud-archive/mitaka-updates] ceph (Accepted)
Corey Bryant
corey.bryant at canonical.com
Thu Jan 7 14:08:12 UTC 2021
ceph (10.2.11-0ubuntu0.16.04.3~cloud0) trusty-mitaka; urgency=medium
.
* New update for the Ubuntu Cloud Archive.
.
ceph (10.2.11-0ubuntu0.16.04.3) xenial-security; urgency=medium
.
* SECURITY UPDATE: XSS attacks
- debian/patches/CVE-2020-1760-1.patch: reject unauthenticated
response-header actions in src/rgw/rgw_rest_s3.cc.
- debian/patches/CVE-2020-1760-2.patch: change EPERM to
ERR_INVALID_REQUEST in src/rgw/rgw_rest_s3.cc.
- debian/patches/CVE-2020-1760-3.patch: reject control characters in
response-header actions in src/rgw/rgw_rest_s3.cc.
- CVE-2020-1760
* SECURITY UPDATE: HTTP header injection
- debian/patches/CVE-2020-10753.patch: sanitize newlines in
src/rgw/rgw_cors.cc.
- CVE-2020-10753
Date: Tue, 22 Sep 2020 12:05:37 +0000
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: Corey Bryant <corey.bryant at canonical.com>
More information about the Cloud-archive-changes
mailing list