Publishing details

Published on 2023-06-01
Copied from ubuntu jammy in PPA for Ubuntu Security Proposed

Changelog

ceph (17.2.5-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via ceph crash service
    - debian/patches/CVE-2022-3650-1.patch: re-add unused frame in
      handler() in src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-2.patch: fix some flake8 issues in
      src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-3.patch: fix stderr handling in
      src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-4.patch: drop privleges to run as "ceph"
      user, rather than root in src/ceph-crash.in.
    - debian/patches/CVE-2022-3650-5.patch: chown crash files to ceph user
      in qa/workunits/rados/test_crash.sh.
    - debian/patches/CVE-2022-3650-6.patch: log warning if crash directory
      unreadable in src/ceph-crash.in.
    - CVE-2022-3650
  * This also fixes CVE-2022-0670 and CVE-2022-3854 in the -security
    pocket.

 -- Marc Deslauriers <email address hidden>  Wed, 19 Apr 2023 18:59:11 -0400

Available diffs

Builds

Package files

ceph_17.2.5-0ubuntu0.22.04.3.debian.tar.xz (126.2 KiB)
ceph_17.2.5-0ubuntu0.22.04.3.dsc (9.8 KiB)
ceph_17.2.5.orig.tar.xz (112.3 MiB)