28833 – ceph new security issue CVE-2021-20288

Bug 28833 - ceph new security issue CVE-2021-20288

Summary: ceph new security issue CVE-2021-20288

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	Mageia 9
Assignee:	Chris Denice
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-04-23 19:36 CEST by Aurelien Oudelet
Modified:	2021-04-23 21:28 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:	ceph-15.2.9-1.mga8.src.rpm
CVE:	CVE-2021-20288
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Aurelien Oudelet 2021-04-23 19:36:20 CEST

+++ This bug was initially created as a clone of Bug #28804 +++

A security issue fixed upstream in Ceph has been announced on April 14:
https://www.openwall.com/lists/oss-security/2021/04/14/2

Mageia 8 has fix pending in Bug 28804.
In Bug 28804 and Comment 2, Chris wants to migrate Cauldron to version 16.0:

> NB: Cauldron will follow, but I'd like to move to 16.0.* version on it.


Cloning 28804 to don't forget this, assigning to Chris according to above.

Comment 1 Chris Denice 2021-04-23 21:21:09 CEST

Yes, you're right. I've pushed the fix on Cauldron, I can move to 16.2.* from there and we don't have security issues hanging around, let me close this bug.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 2 Aurelien Oudelet 2021-04-23 21:28:22 CEST

Nice!

Note You need to log in before you can comment on or make changes to this bug.