Format: 1.8 Date: Wed, 19 Apr 2023 18:59:11 -0400 Source: ceph Built-For-Profiles: noudeb Architecture: source Version: 17.2.5-0ubuntu0.22.04.3 Distribution: jammy-security Urgency: medium Maintainer: Ubuntu Developers Changed-By: Marc Deslauriers Changes: ceph (17.2.5-0ubuntu0.22.04.3) jammy-security; urgency=medium . * SECURITY UPDATE: privilege escalation via ceph crash service - debian/patches/CVE-2022-3650-1.patch: re-add unused frame in handler() in src/ceph-crash.in. - debian/patches/CVE-2022-3650-2.patch: fix some flake8 issues in src/ceph-crash.in. - debian/patches/CVE-2022-3650-3.patch: fix stderr handling in src/ceph-crash.in. - debian/patches/CVE-2022-3650-4.patch: drop privleges to run as "ceph" user, rather than root in src/ceph-crash.in. - debian/patches/CVE-2022-3650-5.patch: chown crash files to ceph user in qa/workunits/rados/test_crash.sh. - debian/patches/CVE-2022-3650-6.patch: log warning if crash directory unreadable in src/ceph-crash.in. - CVE-2022-3650 * This also fixes CVE-2022-0670 and CVE-2022-3854 in the -security pocket. Checksums-Sha1: 8357c6558d00235470aefcd1954b61a1257b65ec 10072 ceph_17.2.5-0ubuntu0.22.04.3.dsc 6d2b9c0fec5cf40cd3d1372b49b6079625365ca3 129208 ceph_17.2.5-0ubuntu0.22.04.3.debian.tar.xz 5425157e3bd98227f27c33ebf4fa95f40f528630 22327 ceph_17.2.5-0ubuntu0.22.04.3_source.buildinfo Checksums-Sha256: 3f4a94307871afefc0961a6a563532f44f854b27a94dad762d97c6c09c40c7a0 10072 ceph_17.2.5-0ubuntu0.22.04.3.dsc 02a8692248a82e1f5103b82a60958384f3cda0d23ad8e1f9a0fb400a3fde3849 129208 ceph_17.2.5-0ubuntu0.22.04.3.debian.tar.xz f9a8ed4b2c989b6b61faf80fd19efeefad4add1098573fd47d581c38c4365193 22327 ceph_17.2.5-0ubuntu0.22.04.3_source.buildinfo Files: 4a831cd506f4c13c0dc756725dcc0763 10072 admin optional ceph_17.2.5-0ubuntu0.22.04.3.dsc 9218cbcd27fed0164549d8ae56d49ec8 129208 admin optional ceph_17.2.5-0ubuntu0.22.04.3.debian.tar.xz 3d84944de6ab58051f9219d780c4efa2 22327 admin optional ceph_17.2.5-0ubuntu0.22.04.3_source.buildinfo Original-Maintainer: Ceph Packaging Team