Publishing details


ceph (0.80.11-0ubuntu1.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS in handle_command function
    - debian/patches/CVE-2016-5009.patch: validate prefix in
      src/mon/, add test to src/test/librados/
    - CVE-2016-5009
  * SECURITY UPDATE: anonymouse user bucket contents list via a URL
    - debian/patches/CVE-2016-7031.patch: check ACLs in
      src/rgw/, src/rgw/
    - CVE-2016-7031
  * SECURITY UPDATE: DoS via POST object with null conditions
    - debian/patches/CVE-2016-8626.patch: handle empty POST condition in
    - CVE-2016-8626
  * SECURITY UPDATE: DoS via request with invalid HTTP Origin header
    - debian/patches/CVE-2016-9579.patch: do not abort on short origin in
    - CVE-2016-9579

 -- Marc Deslauriers <email address hidden>  Mon, 25 Sep 2017 16:44:20 -0400

Available diffs


Built packages

Package files