Thank you for your patience with this issue. This morning, we finished our embargo period on this bug. MITRE will be notified about the patch submissions to the Ceph project - at which point the CVE page [1] will be available publicly. These are the associated patch links:
You will see these show up in releases of Ceph Octopus and Ceph Nautilus. The patch to Luminous has been provided for courtesy, the ceph community no longer produces updates for that release. Please see the Ceph Release Guide for more information on the Ceph release train [2].
I'm now converting this bug to "Public", and since there are no changes to OpenStack Manila code that are necessary, you will see me publishing a security note to the mailing lists with details about this vulnerability and recommendations.
Hello all,
Thank you for your patience with this issue. This morning, we finished our embargo period on this bug. MITRE will be notified about the patch submissions to the Ceph project - at which point the CVE page [1] will be available publicly. These are the associated patch links:
Ceph Octopus: https:/ /github. com/ceph/ ceph/commit/ 1b8a634fdcd94df b3ba650793fb1b6 d09af65e05 /github. com/ceph/ ceph/commit/ 7e3e4e73783a98b b07ab399438eb3a ab41a6fc8b /github. com/ceph/ ceph/commit/ 956ceb853a58f6b 6847b31fac34f2f 0228a70579
Ceph Nautilus: https:/
Ceph Luminous: https:/
You will see these show up in releases of Ceph Octopus and Ceph Nautilus. The patch to Luminous has been provided for courtesy, the ceph community no longer produces updates for that release. Please see the Ceph Release Guide for more information on the Ceph release train [2].
I'm now converting this bug to "Public", and since there are no changes to OpenStack Manila code that are necessary, you will see me publishing a security note to the mailing lists with details about this vulnerability and recommendations.
The OpenStack Security Note is under review here: https:/ /review. opendev. org/767417
[1] https:/ /cve.mitre. org/cgi- bin/cvename. cgi?name= 2020-27781 /docs.ceph. com/en/ latest/ releases/ general/
[2] https:/