This bug was fixed in the package ceph - 15.2.12-0ubuntu0.20.04.1~cloud0
---------------
ceph (15.2.12-0ubuntu0.20.04.1~cloud0) bionic-ussuri; urgency=medium
.
* New upstream release for the Ubuntu Cloud Archive.
.
ceph (15.2.12-0ubuntu0.20.04.1) focal-security; urgency=medium
.
* SECURITY UPDATE: New upstream release (LP: #1929179):
- CVE-2021-3509: Dashboard XSS via token cookie.
- CVE-2021-3531: Swift API denial of service.
- CVE-2021-3531: HTTP header injects via CORS in RGW.
This bug was fixed in the package ceph - 15.2.12- 0ubuntu0. 20.04.1~ cloud0
---------------
ceph (15.2.12- 0ubuntu0. 20.04.1~ cloud0) bionic-ussuri; urgency=medium 0ubuntu0. 20.04.1) focal-security; urgency=medium
.
* New upstream release for the Ubuntu Cloud Archive.
.
ceph (15.2.12-
.
* SECURITY UPDATE: New upstream release (LP: #1929179):
- CVE-2021-3509: Dashboard XSS via token cookie.
- CVE-2021-3531: Swift API denial of service.
- CVE-2021-3531: HTTP header injects via CORS in RGW.