USN-3452-1: Ceph vulnerabilities
USN-3452-1: Ceph vulnerabilities Ubuntu Security Notice USN-3452-1 11th October, 2017 ceph vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in Ceph. Software description ceph – distributed storage and file system Details It was discovered that Ceph incorrectly handled the handle_commandfunction. A remote authenticated user could use this issue to cause Ceph tocrash, resulting in a denial of service. (CVE-2016-5009) Rahul Aggarwal discovered that Ceph incorrectly handled theauthenticated-read ACL. A remote attacker could possibly use this issue tolist bucket contents via a URL. (CVE-2016-7031) Diluga Salome discovered that Ceph incorrectly handled certain POST objectswith null conditions. A remote attacker could possibly use this issue tocuase Ceph to crash, resulting in a denial of service. (CVE-2016-8626) Yang Liu discovered that Ceph incorrectly handled invalid HTTP Originheaders. A remote attacker [ more… ]