Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 679414 - <sys-cluster/ceph-12.2.11: multiple vulnerabilities (CVE-2018-{14662,16846})
Summary: <sys-cluster/ceph-12.2.11: multiple vulnerabilities (CVE-2018-{14662,16846})
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable cve]
Keywords: STABLEREQ
Depends on: 679716
Blocks:
  Show dependency tree
 
Reported: 2019-03-04 16:43 UTC by GLSAMaker/CVETool Bot
Modified: 2019-04-06 12:46 UTC (History)
4 users (show)

See Also:
Package list:
sys-cluster/ceph-12.2.11
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-03-04 16:43:48 UTC
CVE-2018-16846 (https://nvd.nist.gov/vuln/detail/CVE-2018-16846):
  It was found in Ceph versions before 13.2.4 that authenticated ceph RGW
  users can cause a denial of service against OMAPs holding bucket indices.

CVE-2018-14662 (https://nvd.nist.gov/vuln/detail/CVE-2018-14662):
  It was found Ceph versions before 13.2.4 that authenticated ceph users with
  read only permissions could steal dm-crypt encryption keys used in ceph disk
  encryption.
Comment 1 Patrick McLean gentoo-dev 2019-03-04 21:55:01 UTC
We can stabilize 12.2.11 (which has the patch for this). I don't want to stabilize the 13.2 series yet.

@arches
please stabilize =sys-cluster/ceph-12.2.11
Comment 2 Thomas Deutschmann gentoo-dev Security 2019-03-07 21:35:38 UTC
x86 stopped stabilization due to bug 679716.
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-03-24 10:07:23 UTC
fix depends on first
Comment 4 Larry the Git Cow gentoo-dev 2019-03-29 02:23:54 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4af9cbde3856cdc92a13441e6cceb1f06c067d78

commit 4af9cbde3856cdc92a13441e6cceb1f06c067d78
Author:     Patrick McLean <patrick.mclean@sony.com>
AuthorDate: 2019-03-29 02:22:17 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2019-03-29 02:22:17 +0000

    sys-cluster/ceph: Fix 12.2.11 compile fail on x86 (bug #679414)
    
    Closes: https://bugs.gentoo.org/679414
    Copyright: Sony Interactive Entertainment Inc.
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

 sys-cluster/ceph/ceph-12.2.11.ebuild                   |  1 +
 sys-cluster/ceph/files/ceph-12.2.11-fix-min-call.patch | 13 +++++++++++++
 2 files changed, 14 insertions(+)
Comment 5 Patrick McLean gentoo-dev 2019-03-29 02:24:49 UTC
Oops closed the wrong bug in my commit
Comment 6 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-03-29 02:51:33 UTC
@arches, please stabilize.
Comment 7 Agostino Sarubbo gentoo-dev 2019-04-06 12:46:10 UTC
amd64 stable