SUSE-SU-2018:1920-1

Advisory lineage Upstream: 3 Downstream: 0

Upstream

CVE-2018-10861 CVE-2018-1128 CVE-2018-1129

Published: 10 Jul 2018, 07:42

Last modified:02 May 2025, 04:07

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

10 Jul 2018, 07:42

Published

Vulnerability first disclosed

02 May 2025, 04:07

Last Modified

Vulnerability information updated

Description

Security update for ceph This update for ceph to version ceph-12.2.5-419-g8cbf63d997 fixes the following issues: - CVE-2018-10861: Ensure that ceph-mon does perform authorization on all OSD pool ops (bsc#1099162). - CVE-2018-1129: cephx signature check bypass (bsc#1096748). - CVE-2018-1128: cephx protocol was vulnerable to replay attack (bsc#1096748).

Affected Systems

suse•ceph&distro=SUSE Enterprise Storage 5
< 12.2.5+git.1530082629.8cbf63d997-2.16.1

References (6)

https://www.suse.com/support/update/announcement/2018/suse-su-20181920-1/
https://bugzilla.suse.com/1096748
https://bugzilla.suse.com/1099162
https://www.suse.com/security/cve/CVE-2018-10861
https://www.suse.com/security/cve/CVE-2018-1128
https://www.suse.com/security/cve/CVE-2018-1129