Re: [Ceph-maintainers] v14.2.20 Nautilus released

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 20, 2021 at 2:01 AM David Galloway <dgallowa@xxxxxxxxxx> wrote:
>
> This is the 20th bugfix release in the Nautilus stable series.  It
> addresses a security vulnerability in the Ceph authentication framework.
> We recommend users to update to this release. For a detailed release
> notes with links & changelog please refer to the official blog entry at
> https://ceph.io/releases/v14-2-20-nautilus-released
>
> Security Fixes
> --------------
>
> * This release includes a security fix that ensures the global_id value
> (a numeric value that should be unique for every authenticated client or
> daemon in the cluster) is reclaimed after a network disconnect or ticket
> renewal in a secure fashion.  Two new health alerts may appear during
> the upgrade indicating that there are clients or daemons that are not
> yet patched with the appropriate fix.

The link in the blog entry should point at

https://docs.ceph.com/en/latest/security/CVE-2021-20288/

Please refer there for details and recommendations.

Thanks,

                Ilya
_______________________________________________
Dev mailing list -- dev@xxxxxxx
To unsubscribe send an email to dev-leave@xxxxxxx



[Index of Archives]     [CEPH Users]     [Ceph Devel]     [Ceph Large]     [Information on CEPH]     [Linux BTRFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux