Vulnerability CVE-2018-16889: Information
Description
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
ceph | sisyphus | 14.2.0-alt1 | 18.2.2-alt1 | ALT-PU-2019-1500-1 | 225431 | Fixed |
ceph | p10 | 14.2.0-alt1 | 17.2.7-alt2 | ALT-PU-2019-1500-1 | 225431 | Fixed |
ceph | p9 | 14.2.0-alt1 | 14.2.22-alt1 | ALT-PU-2019-1500-1 | 225431 | Fixed |
ceph | p8 | 12.2.12-alt0.M80P.1 | 12.2.13-alt1 | ALT-PU-2019-1711-1 | 227365 | Fixed |
ceph | c10f1 | 14.2.0-alt1 | 17.2.6-alt2 | ALT-PU-2019-1500-1 | 225431 | Fixed |
ceph | c9f2 | 14.2.0-alt1 | 14.2.22-alt1 | ALT-PU-2019-1500-1 | 225431 | Fixed |
ceph | p11 | 14.2.0-alt1 | 18.2.2-alt1 | ALT-PU-2019-1500-1 | 225431 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889 |
|
106528 |
|
USN-4035-1 | |
RHSA-2019:2541 | |
RHSA-2019:2538 |