CVE-2018-16889

Priority
Description
Ceph does not properly sanitize encryption keys in debug logging for v4
auth. This results in the leaking of encryption key information in log
files via plaintext. Versions up to v13.2.4 are vulnerable.
Assigned-to
mdeslaur
Notes
mdeslaur: In Xenial, there are many more instances of information being
logged. We will not be fixing this issue in Xenial.
Package
Source: ceph (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): released (10.2.11-0ubuntu0.16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver): released (12.2.11-0ubuntu0.18.04.1)
Ubuntu 19.04 (Disco Dingo): released (13.2.4+dfsg1-0ubuntu2.1)
Ubuntu 19.10 (Eoan Ermine): released (14.2.1-0ubuntu1)
Patches:
Upstream: https://github.com/ceph/ceph/commit/ba55e2a96c9dfcc7aa2311431beaaa23cb05c30d
More Information

Updated: 2019-12-05 21:09:01 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)