What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is CVE-2021-3979.

What is the affected software?

The affected software is Ceph, specifically versions 12.2.13-0ubuntu0.18.04.11, 15.2.17-0ubuntu0.20.04.3, and 17.2.5-0ubuntu0.22.04.3/22.10.3.

How severe is CVE-2021-3979?

The severity of CVE-2021-3979 is not specified in the advisory.

Where can I find more information about CVE-2021-3979?

You can find more information about CVE-2021-3979 in the official Ubuntu security advisory: [CVE-2021-3979](https://ubuntu.com/security/CVE-2021-3979).

Vulnerability/
USN-6063-1

9/5/2023

USN-6063-1: Ceph vulnerabilities

First published: Tue May 09 2023(Updated: )

Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3979) It was discovered that Ceph incorrectly handled the volumes plugin. An attacker could possibly use this issue to obtain access to any share. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-0670) It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-3650) It was discovered that Ceph incorrectly handled URL processing on RGW backends. An attacker could possibly use this issue to cause RGW to crash, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-3854)

Affected Software	Affected Version	How to fix
All of
ubuntu/ceph	<17.2.5-0ubuntu0.22.10.3	17.2.5-0ubuntu0.22.10.3
	=22.10
All of
ubuntu/ceph-base	<17.2.5-0ubuntu0.22.10.3	17.2.5-0ubuntu0.22.10.3
	=22.10
All of
ubuntu/ceph-common	<17.2.5-0ubuntu0.22.10.3	17.2.5-0ubuntu0.22.10.3
	=22.10
All of
ubuntu/ceph	<17.2.5-0ubuntu0.22.04.3	17.2.5-0ubuntu0.22.04.3
	=22.04
All of
ubuntu/ceph-base	<17.2.5-0ubuntu0.22.04.3	17.2.5-0ubuntu0.22.04.3
	=22.04
All of
ubuntu/ceph-common	<17.2.5-0ubuntu0.22.04.3	17.2.5-0ubuntu0.22.04.3
	=22.04
All of
ubuntu/ceph	<15.2.17-0ubuntu0.20.04.3	15.2.17-0ubuntu0.20.04.3
	=20.04
All of
ubuntu/ceph-base	<15.2.17-0ubuntu0.20.04.3	15.2.17-0ubuntu0.20.04.3
	=20.04
All of
ubuntu/ceph-common	<15.2.17-0ubuntu0.20.04.3	15.2.17-0ubuntu0.20.04.3
	=20.04
All of
ubuntu/ceph	<12.2.13-0ubuntu0.18.04.11	12.2.13-0ubuntu0.18.04.11
	=18.04
All of
ubuntu/ceph-base	<12.2.13-0ubuntu0.18.04.11	12.2.13-0ubuntu0.18.04.11
	=18.04
All of
ubuntu/ceph-common	<12.2.13-0ubuntu0.18.04.11	12.2.13-0ubuntu0.18.04.11
	=18.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is CVE-2021-3979.
What is the affected software?
The affected software is Ceph, specifically versions 12.2.13-0ubuntu0.18.04.11, 15.2.17-0ubuntu0.20.04.3, and 17.2.5-0ubuntu0.22.04.3/22.10.3.
How severe is CVE-2021-3979?
The severity of CVE-2021-3979 is not specified in the advisory.
Where can I find more information about CVE-2021-3979?
You can find more information about CVE-2021-3979 in the official Ubuntu security advisory: [CVE-2021-3979](https://ubuntu.com/security/CVE-2021-3979).

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
anchor-related/USN-6292-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/22.10
version/ubuntu ubuntu/22.04
version/ubuntu ubuntu/20.04
version/ubuntu ubuntu/18.04