CVE-2018-16889

Priority
Description
Ceph does not properly sanitize encryption keys in debug logging for v4
auth. As a result, encryption key information is written to log files in
plaintext. Versions up to v13.2.4 are vulnerable.
Notes
 mdeslaur> In Xenial, there are many more instances of information being
 mdeslaur> logged. We will not be fixing this issue in Xenial.
Assigned-to
mdeslaur
Package
Source: ceph (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): ignored
Ubuntu 18.04 LTS (Bionic Beaver): released (12.2.11-0ubuntu0.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish): needed
Ubuntu 19.04 (Disco Dingo): needed
Ubuntu 19.10 (Eoan): pending (14.2.1-0ubuntu1)
Patches:
Upstream: https://github.com/ceph/ceph/commit/ba55e2a96c9dfcc7aa2311431beaaa23cb05c30d
Updated: 2019-05-31 14:14:14 UTC (commit 655b30401ffff7bbdcbfd5c10a8989ac5128edd2)