CVE-2018-16889

Priority
Description
Ceph does not properly sanitize encryption keys in debug logging for v4
auth. This results in the leaking of encryption key information in log
files via plaintext. Versions up to v13.2.4 are vulnerable.
Assigned-to
mdeslaur
Notes
mdeslaurIn Xenial, there are many more instances of information being
logged. We will not be fixing this issue in Xenial.
Package
Source: ceph (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):released (10.2.11-0ubuntu0.16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (12.2.11-0ubuntu0.18.04.1)
Patches:
Upstream:https://github.com/ceph/ceph/commit/ba55e2a96c9dfcc7aa2311431beaaa23cb05c30d
More Information

Updated: 2020-07-28 20:04:20 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)