========================================================================== Ubuntu Security Notice USN-7182-1 January 06, 2025
ceph vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Ceph could allow unintended access to network services. Software Description: - ceph: distributed storage and file system Details: It was discovered that Ceph incorrectly handled unsupported JWT algorithms in the RadosGW gateway. An attacker could possibly use this issue to bypass certain authentication checks and restrictions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 ceph 19.2.0-0ubuntu2.1 ceph-base 19.2.0-0ubuntu2.1 ceph-common 19.2.0-0ubuntu2.1 radosgw 19.2.0-0ubuntu2.1 Ubuntu 24.04 LTS ceph 19.2.0-0ubuntu0.24.04.2 ceph-base 19.2.0-0ubuntu0.24.04.2 ceph-common 19.2.0-0ubuntu0.24.04.2 radosgw 19.2.0-0ubuntu0.24.04.2 Ubuntu 22.04 LTS ceph 17.2.7-0ubuntu0.22.04.2 ceph-base 17.2.7-0ubuntu0.22.04.2 ceph-common 17.2.7-0ubuntu0.22.04.2 radosgw 17.2.7-0ubuntu0.22.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7182-1 CVE-2024-48916 Package Information: https://launchpad.net/ubuntu/+source/ceph/19.2.0-0ubuntu2.1 https://launchpad.net/ubuntu/+source/ceph/19.2.0-0ubuntu0.24.04.2 https://launchpad.net/ubuntu/+source/ceph/17.2.7-0ubuntu0.22.04.2
OpenPGP_signature.asc
Description: OpenPGP digital signature
