OPENSUSE-SU-2021:1834-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 10 Jul 2021, 19:13
Last modified:04 Feb 2026, 02:41
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
10 Jul 2021, 19:13
Published
Vulnerability first disclosed
04 Feb 2026, 02:41
Last Modified
Vulnerability information updated
Description
Security update for ceph This update for ceph fixes the following issues: - Update to 15.2.12-83-g528da226523: - (CVE-2021-3509) fix cookie injection issue (bsc#1186021) - (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020) - (CVE-2021-3524) sanitize \r in s3 CORSConfiguration’s ExposeHeader (bsc#1185619)
Affected Systems
- opensuse•ceph-test&distro=openSUSE Leap 15.3
< 15.2.12.83+g528da226523-3.25.1
- opensuse•ceph&distro=openSUSE Leap 15.3
< 15.2.12.83+g528da226523-3.25.1
References (7)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OD76XLAQUNHRCX53LARPKA7IODR5MCPO/
- https://bugzilla.suse.com/1185619
- https://bugzilla.suse.com/1186020
- https://bugzilla.suse.com/1186021
- https://www.suse.com/security/cve/CVE-2021-3509
- https://www.suse.com/security/cve/CVE-2021-3524
- https://www.suse.com/security/cve/CVE-2021-3531