It was discovered that Ceph incorrectly handled the handle_command function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-5009)
Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacker could possibly use this issue to list bucket contents via a URL. (CVE-2016-7031)
Diluga Salome discovered that Ceph incorrectly handled certain POST objects with null conditions. A remote attacker could possibly use this issue to cuase Ceph to crash, resulting in a denial of service. (CVE-2016-8626)
Yang Liu discovered that Ceph incorrectly handled invalid HTTP Origin headers. A remote attacker could possibly use this issue to cuase Ceph to crash, resulting in a denial of service. (CVE-2016-9579)
{ "availability": "No subscription required", "binaries": [ { "binary_name": "ceph", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "ceph-common", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "ceph-fs-common", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "ceph-fuse", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "ceph-mds", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "ceph-resource-agents", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "ceph-test", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "libcephfs-dev", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "libcephfs-java", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "libcephfs-jni", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "libcephfs1", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "librados-dev", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "librados2", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "librbd-dev", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "librbd1", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "python-ceph", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "radosgw", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "rbd-fuse", "binary_version": "0.80.11-0ubuntu1.14.04.3" }, { "binary_name": "rest-bench", "binary_version": "0.80.11-0ubuntu1.14.04.3" } ] }