USN-4035-1

Advisory lineage Upstream: 8 Downstream: 0

Upstream

CVE-2018-14662 CVE-2018-16846 CVE-2018-16889 CVE-2019-3821 UBUNTU-CVE-2018-14662 UBUNTU-CVE-2018-16846

Published: 25 Jun 2019, 11:40

Last modified:22 Apr 2026, 09:58

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Jun 2019, 11:40

Published

Vulnerability first disclosed

22 Apr 2026, 09:58

Last Modified

Vulnerability information updated

Description

ceph vulnerabilities It was discovered that Ceph incorrectly handled read only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-14662) It was discovered that Ceph incorrectly handled certain OMAPs holding bucket indices. An authenticated attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16846) It was discovered that Ceph incorrectly sanitized certain debug logs. A local attacker could possibly use this issue to obtain encryption key information. This issue was only addressed in Ubuntu 18.10 and Ubuntu 19.04. (CVE-2018-16889) It was discovered that Ceph incorrectly handled certain civetweb requests. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-3821)

Affected Systems

ubuntu•ceph
< 10.2.11-0ubuntu0.16.04.2

USN-4035-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)