[USN-7706-1] Ceph vulnerabilities
Posted on 21 August 2025
==========================================================================
Ubuntu Security Notice USN-7706-1
August 20, 2025
ceph vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Ceph.
Software Description:
- ceph: distributed storage and file system
Details:
It was discovered that Ceph incorrectly handled read-only permissions. An
authenticated attacker could use this issue to obtain dm-crypt encryption
keys. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-14662)

Sergey Bobrov discovered that Ceph's RadosGW (Ceph Object Gateway) allowed
the injection of HTTP headers in responses to CORS requests. An attacker
could possibly use this issue to compromise system integrity. This issue
only affected Ubuntu 16.04 LTS. (CVE-2021-3524)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
  ceph                            10.2.11-0ubuntu0.16.04.3+esm2
                                  Available with Ubuntu Pro
  ceph-common                     10.2.11-0ubuntu0.16.04.3+esm2
                                  Available with Ubuntu Pro
  radosgw                         10.2.11-0ubuntu0.16.04.3+esm2
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  ceph                            0.80.11-0ubuntu1.14.04.4+esm3
                                  Available with Ubuntu Pro
  ceph-common                     0.80.11-0ubuntu1.14.04.4+esm3
                                  Available with Ubuntu Pro
  radosgw                         0.80.11-0ubuntu1.14.04.4+esm3
                                  Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7706-1
CVE-2018-14662, CVE-2021-3524