Source: ceph
Version: 14.2.9-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for ceph.

CVE-2020-10753[0]:
| A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object
| Gateway). The vulnerability is related to the injection of HTTP
| headers via a CORS ExposeHeader tag. The newline character in the
| ExposeHeader tag in the CORS configuration file generates a header
| injection in the response when the CORS request is made. Ceph versions
| 3.x and 4.x are vulnerable to this issue.

The fix should be included in 14.2.10 as well upstream.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-10753
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10753
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1840744

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
