Package: ceph-base Version: 16.2.10+ds-3 Severity: serious Tags: security ceph-crash.service as shipped by ceph-base is vulnerable to CVE-2022-3650, which is a privilege escalation from the ceph user to root. Please refer to the notes from https://security-tracker.debian.org/tracker/CVE-2022-3650 for more details:
| https://www.openwall.com/lists/oss-security/2022/10/25/1 | https://tracker.ceph.com/issues/57967 | https://github.com/ceph/ceph/pull/48713 | https://github.com/ceph/ceph/commit/45915540559126a652f8d9d105723584cfc63439 (main) | https://github.com/ceph/ceph/commit/130c9626598bc3a75942161e6cce7c664c447382 (main) | Backport to Pacific: https://github.com/ceph/ceph/pull/48804 | Backport to Quincy: https://github.com/ceph/ceph/pull/48805 Helmut