Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-16889

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

Related bugs and status

CVE-2018-16889 (Candidate) is related to these bugs:

Bug #1831732: [SRU] ceph 13.2.6

		In	Importance	Status
1831732	[SRU] ceph 13.2.6	ceph (Ubuntu)	Undecided	Invalid
1831732	[SRU] ceph 13.2.6	ceph (Ubuntu Disco)	Medium	Fix Released
1831732	[SRU] ceph 13.2.6	ceph (Ubuntu Cosmic)	Medium	Won't Fix
1831732	[SRU] ceph 13.2.6	Ubuntu Cloud Archive	Medium	Fix Released
1831732	[SRU] ceph 13.2.6	Ubuntu Cloud Archive rocky	Medium	Fix Committed
1831732	[SRU] ceph 13.2.6	Ubuntu Cloud Archive stein	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securityfoc...
MISC: https://access.redhat....
MISC: https://access.redhat....
MISC: https://usn.ubuntu.com...
MISC: https://bugzilla.redha...