CVE-2018-10861

Priority
Description
A flaw was found in the way ceph mon handles user requests. Any
authenticated ceph user having read access to ceph can delete, create ceph
storage pools and corrupt snapshot images. Ceph branches master, mimic,
luminous and jewel are believed to be affected.
Package
Source: ceph (LP Ubuntu Debian)
Upstream:released (10.2.11,12.2.6)
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Trusty/esm:needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (10.2.11-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (12.2.7-0ubuntu0.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (13.2.4+dfsg1-0ubuntu0.18.10.1)
Ubuntu 19.04 (Disco Dingo):not-affected (13.2.4+dfsg1-0ubuntu1)
Ubuntu 19.10 (Eoan):not-affected (13.2.4+dfsg1-0ubuntu1)
Patches:
Upstream:https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
Upstream:https://github.com/ceph/ceph/commit/4e1bc0cd6a0aaa76eb1936d1717a4ab07e179da6 (mimic)
Upstream:https://github.com/ceph/ceph/commit/c41a2e696e26a7f747afeeeb44f96c322bd739af (jewel)
More Information

Updated: 2019-04-26 14:25:34 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)