Mageia 2023-0139: ceph security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up
MGASA-2023-0139 - Updated ceph packages fix security vulnerability

Publication date: 15 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0139.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-0670,
     CVE-2022-3650

Openstack manilla owning a Ceph File system "share", enables the owner to
read/write any manilla share or entire file system. The vulnerability is
due to a bug in the "volumes" plugin in Ceph Manager. This allows an
attacker to compromise Confidentiality and Integrity of a file system.
(CVE-2022-0670)
Privilege escalation and privileged information disclosure (CVE-2022-3650)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30677
- https://docs.ceph.com/en/latest/security/CVE-2022-0670/
- https://github.com/ceph/ceph/pull/48713/commits
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0670
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3650

SRPMS:
- 8/core/ceph-15.2.17-1.mga8

Mageia 2023-0139: ceph security update

Openstack manilla owning a Ceph File system "share", enables the owner to read/write any manilla share or entire file system

Summary

Openstack manilla owning a Ceph File system "share", enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. (CVE-2022-0670) Privilege escalation and privileged information disclosure (CVE-2022-3650)

References

- https://bugs.mageia.org/show_bug.cgi?id=30677

- https://docs.ceph.com/en/latest/security/CVE-2022-0670/

- https://github.com/ceph/ceph/pull/48713/commits

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0670

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3650

Resolution

MGASA-2023-0139 - Updated ceph packages fix security vulnerability

SRPMS

- 8/core/ceph-15.2.17-1.mga8

Severity
Publication date: 15 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0139.html
Type: security
CVE: CVE-2022-0670, CVE-2022-3650

Related News

OpenBSD 7.3 Released With AMD RDNA3 Graphics, Guided Disk Encryption

Latest Release of EuroLinux Desktop – What Will We Find in Version 9.1?

Tails 5.11 Amnesic Incognito Live System Switches to ZRam and Linux Kernel 6.1 LTS

Worried About Security Patching? Here's Why You Need to Switch to Ubuntu Pro

News

Advisories

HOWTOs

Features

Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation
Best Practices for PHP Security
Why Cloud Linux Is Beneficial for E-Commerce Stores

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy