oss-sec mailing list archives

Re: CVE-2021-3979 ceph: Ceph volume does not honour osd_dmcrypt_key_size


From: Ana McTaggart <amctagga () redhat com>
Date: Wed, 12 Jan 2022 10:54:42 -0500

Here is our patch :)

Ana McTaggart

Red Hat Product Security

Red Hat Remote <https://www.redhat.com>


secalert () redhat com for urgent response


amct () redhat com


M: +1 (774)279-0791 <7742790791>     IM: amctagga


Pronouns:They/Them/Theirs



On Wed, Jan 12, 2022 at 7:54 AM Sven Kieske <S.Kieske () mittwald de> wrote:

On Di, 2022-01-11 at 22:52 -0600, John Helmert III wrote:
Was a patch meant to be attached? Is there any report or PR upstream?

There is at least no new commit in
https://github.com/ceph/ceph/blob/master/src/ceph-volume/ceph_volume/util/encryption.py

from a cursory glance at the open PRs I also don't see anything related,
but I just might have missed it.

There is also no tracking bug at https://tracker.ceph.com when searching
for this CVE number.

--
Mit freundlichen Grüßen / Regards

Sven Kieske
Systementwickler / systems engineer


Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp

Tel.: 05772 / 293-900
Fax: 05772 / 293-333

https://www.mittwald.de

Geschäftsführer: Robert Meyer, Florian Jürgens

St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen

Informationen zur Datenverarbeitung im Rahmen unserer Geschäftstätigkeit
gemäß Art. 13-14 DSGVO sind unter www.mittwald.de/ds abrufbar.


Attachment: encryption.py.patch
Description:


Current thread: