|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2020-10753: ceph: HTTP header injection via CORS ExposeHeader tag | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Alexandros Toptsoglou <atoptsoglou> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | alekshmanan, atoptsoglou, ceph-bugs, holgi, wolfgang.frisch |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/260191/ | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Comment 8
Alexandros Toptsoglou
2020-06-25 13:04:13 UTC
SUSE-SU-2020:1748-1: An update that solves one vulnerability and has 9 fixes is now available. Category: security (important) Bug References: 1126230,1136082,1157607,1161096,1162553,1171670,1171921,1171960,1171961,1171963 CVE References: CVE-2020-10753 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): ceph-12.2.13+git.1592168685.85110a3e9d-2.50.1 SUSE OpenStack Cloud 8 (src): ceph-12.2.13+git.1592168685.85110a3e9d-2.50.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): ceph-12.2.13+git.1592168685.85110a3e9d-2.50.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): ceph-12.2.13+git.1592168685.85110a3e9d-2.50.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): ceph-12.2.13+git.1592168685.85110a3e9d-2.50.1 SUSE Linux Enterprise Server 12-SP5 (src): ceph-12.2.13+git.1592168685.85110a3e9d-2.50.1 SUSE Linux Enterprise Server 12-SP4 (src): ceph-12.2.13+git.1592168685.85110a3e9d-2.50.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): ceph-12.2.13+git.1592168685.85110a3e9d-2.50.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): ceph-12.2.13+git.1592168685.85110a3e9d-2.50.1 SUSE Enterprise Storage 5 (src): ceph-12.2.13+git.1592168685.85110a3e9d-2.50.1 HPE Helion Openstack 8 (src): ceph-12.2.13+git.1592168685.85110a3e9d-2.50.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2020:1747-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1171921 CVE References: CVE-2020-10753 Sources used: SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): ceph-14.2.9.970+ged84cae0c9-3.41.1 SUSE Enterprise Storage 6 (src): ceph-14.2.9.970+ged84cae0c9-3.41.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. The maintenance updates appear to be shipping now. Handing the bug back to Security Team. openSUSE-SU-2020:0898-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1171921 CVE References: CVE-2020-10753 Sources used: openSUSE Leap 15.1 (src): ceph-14.2.9.970+ged84cae0c9-lp151.2.19.1, ceph-test-14.2.9.970+ged84cae0c9-lp151.2.19.1 Done SUSE-SU-2020:3257-1: An update that solves one vulnerability and has 35 fixes is now available. Category: security (moderate) Bug References: 1151612,1152100,1155045,1155262,1156087,1156409,1158257,1159689,1160626,1161718,1162553,1163119,1164571,1165713,1165835,1165840,1166297,1166393,1166624,1166670,1166932,1167477,1168403,1169134,1169356,1170487,1170938,1171367,1171921,1171956,1172142,1173339,1174591,1175061,1175240,1175781 CVE References: CVE-2020-10753 JIRA References: Sources used: SUSE Enterprise Storage 6 (src): deepsea-0.9.33+git.0.ed16d26e-3.27.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. |