-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : ceph Version : 0.80.7-2+deb8u3 CVE ID : CVE-2018-14662 CVE-2018-16846 Debian Bug : 921948 921947
Several vulnerabilities were discovered in Ceph, a distributed storage and file system. CVE-2018-14662 It was found that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. CVE-2018-16846 It was found that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. For Debian 8 "Jessie", these problems have been fixed in version 0.80.7-2+deb8u3. We recommend that you upgrade your ceph packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlx5cVZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQLfA//Sxj8HS2+kxMBEzeZHEQ1jklRgVnwqY04KZ63JdCj2vz6ddSq1tGOHDvu QrUl2eJa/qP7zkoDDCpkMTVPDJpMZzYrheKQh/xe0L8nQFb5UVAQEOnloU/rMzzH XePSkQfzuhxdSNLUdv+PibgbYHYN7cZb7UMoF3en3sIsraxfbDZAEsMcGNaqzNIJ eQLS21uimCw4yjNUQKi0zhb2kqeMmigZUfMvOMQp8w/mmDkCMU5q03p8Gh6R6T1D G7RQF7HfAiizNK5GAPOB6rbmmjeugt8zMdRwF80UuJNA0XxNXW205bR5Q+YeQ1KM kYzK2Lqb1UPjf7Tbag6exAtnUtOGfCUwC5W6kDo9prdhqZ5UcEYL64vTrfkq/onM olQteTVuC6D0SRuGYtq0u74zRhQJFI0U1hsg1eG1Jg0LBbZ8apAJoZ5uKqZ+hf6B N8M6KrXH2n1qAfBtB7IckoUMqduM1XiLz475JYZLAjxgNRGsozkr8HR8BeEuhwiR jE/KDSHd1b9rAJNJtvCgtO3j3qKFEP78xzYvaYxxnG9wGWNCepMrNlhSRLEynsuO fv02e6sZXAG76jCABTqZvS6Zi9nI47VWQE3I0XuhEvfRUgZQPCEKEjPNPQY+1l16 7SwvNp55qla784zxzEZLN+Jcbn/8GWBSz0VFcRsuWmRvHPMTdeU= =pTXg -----END PGP SIGNATURE-----