SUSE-SU-2021:1834-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 02 Jun 2021, 13:37
Last modified:04 Feb 2026, 02:24
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
02 Jun 2021, 13:37
Published
Vulnerability first disclosed
04 Feb 2026, 02:24
Last Modified
Vulnerability information updated
Description
Security update for ceph This update for ceph fixes the following issues: - Update to 15.2.12-83-g528da226523: - (CVE-2021-3509) fix cookie injection issue (bsc#1186021) - (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020) - (CVE-2021-3524) sanitize \r in s3 CORSConfiguration’s ExposeHeader (bsc#1185619)
Affected Systems
- suse•ceph&distro=SUSE Enterprise Storage 7
< 15.2.12.83+g528da226523-3.25.1
- suse•ceph&distro=SUSE Linux Enterprise Micro 5.0
< 15.2.12.83+g528da226523-3.25.1
- suse•ceph&distro=SUSE Linux Enterprise Module for Basesystem 15 SP2
< 15.2.12.83+g528da226523-3.25.1
- suse•ceph&distro=SUSE Linux Enterprise Module for Basesystem 15 SP3
< 15.2.12.83+g528da226523-3.25.1
References (7)
- https://www.suse.com/support/update/announcement/2021/suse-su-20211834-1/
- https://bugzilla.suse.com/1185619
- https://bugzilla.suse.com/1186020
- https://bugzilla.suse.com/1186021
- https://www.suse.com/security/cve/CVE-2021-3509
- https://www.suse.com/security/cve/CVE-2021-3524
- https://www.suse.com/security/cve/CVE-2021-3531