SUSE-SU-2021:1835-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 02 Jun 2021, 13:38
Last modified:02 May 2025, 04:10
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
02 Jun 2021, 13:38
Published
Vulnerability first disclosed
02 May 2025, 04:10
Last Modified
Vulnerability information updated
Description
Security update for ceph This update for ceph fixes the following issues: - Update to 15.2.12-83-g528da226523: - (CVE-2021-3509) fix cookie injection issue (bsc#1186021) - (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020) - (CVE-2021-3524) sanitize \r in s3 CORSConfiguration’s ExposeHeader (bsc#1185619)
Affected Systems
- suse•ceph&distro=SUSE Enterprise Storage 6
< 14.2.21.403+g69ab6ea274d-3.63.1
- suse•ceph&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
< 14.2.21.403+g69ab6ea274d-3.63.1
- suse•ceph&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
< 14.2.21.403+g69ab6ea274d-3.63.1
- suse•ceph&distro=SUSE Linux Enterprise Server 15 SP1-BCL
< 14.2.21.403+g69ab6ea274d-3.63.1
- suse•ceph&distro=SUSE Linux Enterprise Server 15 SP1-LTSS
< 14.2.21.403+g69ab6ea274d-3.63.1
- suse•ceph&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP1
< 14.2.21.403+g69ab6ea274d-3.63.1
- suse•ceph&distro=SUSE Manager Proxy 4.0
< 14.2.21.403+g69ab6ea274d-3.63.1
- suse•ceph&distro=SUSE Manager Retail Branch Server 4.0
< 14.2.21.403+g69ab6ea274d-3.63.1
- suse•ceph&distro=SUSE Manager Server 4.0
< 14.2.21.403+g69ab6ea274d-3.63.1
References (7)
- https://www.suse.com/support/update/announcement/2021/suse-su-20211835-1/
- https://bugzilla.suse.com/1185619
- https://bugzilla.suse.com/1186020
- https://bugzilla.suse.com/1186021
- https://www.suse.com/security/cve/CVE-2021-3509
- https://www.suse.com/security/cve/CVE-2021-3524
- https://www.suse.com/security/cve/CVE-2021-3531