Overview

File _patchinfo of Package patchinfo.19777

<patchinfo incident="19777">
  <issue tracker="bnc" id="1186020">VUL-0: CVE-2021-3531: ceph: RGW unauthenticated denial of service</issue>
  <issue tracker="bnc" id="1185619">VUL-0: CVE-2021-3524: ceph: ceph object gateway: radosgw: CRLF injection</issue>
  <issue tracker="bnc" id="1186021">VUL-0: CVE-2021-3509: ceph: XSS via token Cookie in the Ceph Dashboard</issue>
  <issue tracker="cve" id="2021-3509"/>
  <issue tracker="cve" id="2021-3524"/>
  <issue tracker="cve" id="2021-3531"/>
  <packager>holgisms</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ceph</summary>
  <description>This update for ceph fixes the following issues:

- Update to 15.2.12-83-g528da226523:
- (CVE-2021-3509) fix cookie injection issue (bsc#1186021)
- (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020)
- (CVE-2021-3524) sanitize \r in s3 CORSConfiguration&#8217;s ExposeHeader (bsc#1185619)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places