Format: 1.8
Date: Mon, 22 Sep 2025 22:55:44 +0200
Source: ceph
Architecture: source
Version: 14.2.21-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Ceph Packaging Team <team+ceph@tracker.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1024932 1053690 1108410
Changes:
 ceph (14.2.21-1+deb11u1) bullseye-security; urgency=medium
 .
   [ Thomas Goirand ]
 .
   * CVE-2022-3650: privilege escalation from the ceph user to root.
     Applied upstream patches (Closes: #1024932).
 .
   [ Bastien Roucariès ]
   * CVE-2021-3979: A key length flaw was found. An attacker can exploit
     the fact that the key length is incorrectly passed in an encryption
     algorithm to create a non random key, which is weaker and can be
     exploited for loss of confidentiality and integrity on encrypted
     disks.
   * CVE-2023-43040 rgw: Fix bucket validation against POST policies
     (Closes: #1053690)
   * CVE-2025-52555: an unprivileged user can escalate to root privileges
     in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root
     to gain access. The result of this is that a user could read, write
     and execute to any directory owned by root as long as they chmod 777
     it. This impacts confidentiality, integrity, and availability.
     (Closes: #1108410)