Security update for ceph
This update for ceph fixes the following issues:
- Update to 15.2.12-83-g528da226523:
- (CVE-2021-3509) fix cookie injection issue (bsc#1186021)
- (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020)
- (CVE-2021-3524) sanitize \r in s3 CORSConfiguration’s ExposeHeader (bsc#1185619)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
-
Submitted by
Holger Sickenberg (holgisms)
Fixed bugs
bnc#1186020
VUL-0: CVE-2021-3531: ceph: RGW unauthenticated denial of service
bnc#1185619
VUL-0: CVE-2021-3524: ceph: ceph object gateway: radosgw: CRLF injection
bnc#1186021
VUL-0: CVE-2021-3509: ceph: XSS via token Cookie in the Ceph Dashboard
