ceph: fix CVE-2020-10736 - linux/meta-virtualization.git - Mirror of git.yoctoproject.org/meta-virtualization

diff options

author	jason.lau <Haitao.Liu@windriver.com>	2020-07-03 17:28:26 +0800
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2020-07-06 16:29:00 -0400
commit	ffd787fb850e5a1657a01febc8402c74832147a1 (patch)
tree	960e42d790e86f44a1309345c3265c681d8415f3 /recipes-networking/openvswitch/openvswitch-git/systemd-update-tool-paths.patch
parent	5c2de3daedd3f65171b9debf938683ce6e7746ea (diff)
download	meta-virtualization-ffd787fb850e5a1657a01febc8402c74832147a1.tar.gz

ceph: fix CVE-2020-10736

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. Upstream patches: [master] https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 [v15.2.2] https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 CVE: CVE-2020-10736 Signed-off-by: Liu Haitao <haitao.liu@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

Diffstat (limited to 'recipes-networking/openvswitch/openvswitch-git/systemd-update-tool-paths.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: