Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-14662

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

Related bugs and status

CVE-2018-14662 (Candidate) is related to these bugs:

Bug #1810766: [SRU] ceph 13.2.4

		In	Importance	Status
1810766	[SRU] ceph 13.2.4	ceph (Ubuntu)	High	Fix Released
1810766	[SRU] ceph 13.2.4	ceph (Ubuntu Disco)	High	Fix Released
1810766	[SRU] ceph 13.2.4	ceph (Ubuntu Cosmic)	High	Fix Released
1810766	[SRU] ceph 13.2.4	Ubuntu Cloud Archive	Undecided	Fix Released
1810766	[SRU] ceph 13.2.4	Ubuntu Cloud Archive rocky	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://ceph.com/relea...
CONFIRM: https://bugzilla.redha...
MLIST: [debian-lts-announce] ...
SUSE: openSUSE-SU-2019:1284
UBUNTU: USN-4035-1
REDHAT: RHSA-2019:2538
REDHAT: RHSA-2019:2541
MLIST: [debian-lts-announce] ...