Summary: | <sys-cluster/ceph-{14.2.14,15.2.6}: multiple vulnerabilities (CVE-2020-{1759,1760,10753,25660}) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | chutzpah, cluster, dlan
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://ceph.io/releases/v14-2-14-nautilus-released/ | |
Whiteboard: | B3 [glsa+ cve] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 761969 | |
Bug Blocks: | | |

Description
John Helmert III
2020-12-20 07:53:33 UTC
Sanity check failed:
> sys-cluster/ceph-14.2.15
> depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (2 total)
> dev-libs/rocksdb:=
> depend amd64 stable profile default/linux/amd64/17.1 (14 total)
> dev-libs/rocksdb:=
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (2 total)
> dev-libs/rocksdb:=
> rdepend amd64 stable profile default/linux/amd64/17.1 (14 total)
> dev-libs/rocksdb:=
All sanity-check issues have been resolved

We'll actually need to stabilize a newer version for the dependency.

CVE-2020-1759:
==============
Upstream commit: https://github.com/ceph/ceph/commit/f6c5ad8a5f534d73cba9c6bd794a89e879c46ecc
Fixed in >=14.2.9

CVE-2020-1760:
==============
Upstream commit: https://github.com/ceph/ceph/commit/c7da604cb101cbe78a257a29498a98c69964e0a6
Fixed in >=14.2.9

CVE-2020-10753:
===============
Upstream issue: https://github.com/ceph/ceph/pull/35773
Upstream commit: https://github.com/ceph/ceph/commit/46817f30cee60bc5df8354ab326762e7c783fe2c
Fixed in >=14.2.10

CVE-2020-25660:
Fixed in >=14.2.14

New GLSA request filed.

This issue was resolved and addressed in GLSA 202105-39 at https://security.gentoo.org/glsa/202105-39 by GLSA coordinator Thomas Deutschmann (whissi).