Bug 28833

Summary: ceph new security issue CVE-2021-20288
Product: Mageia Reporter: Aurelien Oudelet <ouaurelien>
Component: SecurityAssignee: Chris Denice <eatdirt>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: ouaurelien
Version: Cauldron   
Target Milestone: Mageia 9   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: ceph-15.2.9-1.mga8.src.rpm CVE: CVE-2021-20288
Status comment:

Description Aurelien Oudelet 2021-04-23 19:36:20 CEST 
+++ This bug was initially created as a clone of Bug #28804 +++

A security issue fixed upstream in Ceph has been announced on April 14:
https://www.openwall.com/lists/oss-security/2021/04/14/2

Mageia 8 has fix pending in Bug 28804.
In Bug 28804 and Comment 2, Chris wants to migrate Cauldron to version 16.0:

> NB: Cauldron will follow, but I'd like to move to 16.0.* version on it.


Cloning 28804 to don't forget this, assigning to Chris according to above.
Comment 1 Chris Denice 2021-04-23 21:21:09 CEST 
Yes, you're right. I've pushed the fix on Cauldron, I can move to 16.2.* from there and we don't have security issues hanging around, let me close this bug.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 2 Aurelien Oudelet 2021-04-23 21:28:22 CEST 
Nice!