Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted ceph 14.2.21-1+deb11u1 (source) into oldoldstable-security
Date: Thu, 25 Sep 2025 19:30:25 +0000
Signed by: Bastien ROUCARIÈS <rouca@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 22 Sep 2025 22:55:44 +0200
Source: ceph
Architecture: source
Version: 14.2.21-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Ceph Packaging Team <team+ceph@tracker.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1024932 1053690 1108410
Changes:
 ceph (14.2.21-1+deb11u1) bullseye-security; urgency=medium
 .
   [ Thomas Goirand ]
 .
   * CVE-2022-3650: privilege escalation from the ceph user to root. Applied
     upstream patches (Closes: #1024932).
 .
   [ Bastien Roucariès ]
   * CVE-2021-3979:
     A key length flaw was found. An attacker can exploit the
     fact that the key length is incorrectly passed in an
     encryption algorithm to create a non random key,
     which is weaker and can be exploited for loss of
     confidentiality and integrity on encrypted disks.
   * CVE-2023-43040 rgw: Fix bucket validation against POST policies
     (Closes: #1053690)
   * CVE-2025-52555: an unprivileged user can escalate to root
     privileges in a ceph-fuse mounted CephFS by chmod 777
     a directory owned by root to gain access. The result
     of this is that a user could read, write and execute
     to any directory owned by root as long as they chmod
     777 it. This impacts confidentiality, integrity, and availability.
     (Closes: #1108410)
Checksums-Sha1:
 b0d9172fdcbd7dfabe4e8ade78ae8f8a1c666736 5928 ceph_14.2.21-1+deb11u1.dsc
 fa9070f10c96b7eee086509ac443b84392a55a65 129272778 ceph_14.2.21.orig.tar.gz
 4f739e842ea43a43f7d6404546b4a4ca88bfa93c 116868 ceph_14.2.21-1+deb11u1.debian.tar.xz
 fbc5a3651e6f3bece725e6a2cf8fec0d25f5854d 7224 ceph_14.2.21-1+deb11u1_source.buildinfo
Checksums-Sha256:
 d1a941d1ed310aedf711f8f0f08ae9adef586d2bc54564d1ac5df6f73d4a58f6 5928 ceph_14.2.21-1+deb11u1.dsc
 bcedc6a89dd660728b61299e8e12556e3782565c44a75e270016a9736bee0dc2 129272778 ceph_14.2.21.orig.tar.gz
 88f2300b67fdd99acb19fd93ddaf87df1830d923855cf1239bb18500f288b838 116868 ceph_14.2.21-1+deb11u1.debian.tar.xz
 2384c6da56cf99d7b09016dacbae877dacbf255ab36dbd7feb54266e014771aa 7224 ceph_14.2.21-1+deb11u1_source.buildinfo
Files:
 dccf6b3a891e7d5180e8ce17291131a5 5928 admin optional ceph_14.2.21-1+deb11u1.dsc
 80c75b5421665fd1e412d29ce74313a2 129272778 admin optional ceph_14.2.21.orig.tar.gz
 8d1f30efc2313ce722390a1b5fef4d09 116868 admin optional ceph_14.2.21-1+deb11u1.debian.tar.xz
 81db09fd1f098069d7f32aa921a10353 7224 admin optional ceph_14.2.21-1+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmjVlNoACgkQADoaLapB
CF9g5Q//ZNISVUclwtKIvR7A5BTA2oKwh5pB/2C0eYO6WLMxT7sS90hGYoYNKQfw
1dA8iqdLhLCxs+NUwMSB15rVXOF00pvDNv7DmzROpphCOh8ZPPEIm1kf3Dpf2b4R
w0wUx8bhwAh+IDlvbHJ9JxSqBoWbdfaewYne30GJy194KuGYfPHXNwUneexOwUyt
X9f2/loTMNraSiWGVbNmDENSCbGqk/H1fKWQr7jOKccQI5MZHXjupeb6YccMf7es
aBOTprgoMqILWLOvl3S5FAQryE/R0CJmPv1LJQtBZ7M3iJUgns88jBUgXicxSiXd
SC32utnnC4HAJKL2OUPB6ukWLKmcIRajjvF7WZe3UIYwmMqz4zpYojJiIzePwThI
1OPnIkvhI5CMJOFq00FVMwI4o4XrlIMY2niSEU5ax2g3TLCLFN18gEUk0VbS3aIA
gbhLJG1KdTLiaOlZudJyZ3m8T16LIO1qHKKaZ/yAIuS7GYIMjCw7xvEDl+xUAO5q
L3DSD7BsImDKo9EtqL2ofssAbX2l6Yqv4l7MYWNuS4RxZBLXz2worQFxzxAZVuMg
Zt/PWbWJ5ByFCkCyTzzdKHcYtidaHzVvtPBRzjdhkBOgZCUhH9Hq7X7s35Z64tQl
GotkjgqfY9jMl/lONzJmjpPT3NujAynLu2n/p+d/jCXHSof5XLI=
=6RLS
-----END PGP SIGNATURE-----
News for package ceph
