Security update for ceph
This update for ceph fixes the following issues:
- CVE-2020-1759: Fixed once reuse in msgr V2 secure mode (bsc#1166403)
- CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting (bsc#1166484).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
-
Submitted by
Nathan Cutler (smithfarm)
Fixed bugs
bnc#1166484
VUL-0: EMBARGOED: CVE-2020-1760: ceph: RGW GetObject has a XSS via header-splitting
bnc#1166403
VUL-0: EMBARGOED: CVE-2020-1759: ceph: Nonce reuse in msgr2 secure mode
