Explore top 10 tips to secure your open-source projects now. Read More
×
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Red Hat Ceph Storage is a scalable, open, software-defined storage platform
that combines the most stable version of the Ceph storage system with a
Ceph management platform, deployment utilities, and support services.
Security Fix(es):
* ceph: ListBucket max-keys has no defined limit in the RGW codebase
(CVE-2018-16846)
* ceph: debug logging for v4 auth does not sanitize encryption keys
(CVE-2018-16889)
* ceph: authenticated user with read only permissions can steal dm-crypt /
LUKS key (CVE-2018-14662)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es) and Enhancement(s):
For detailed information on changes in this release, see the Red Hat Ceph
Storage 3.3 Release Notes available at:
/release_notes/index
https://access.redhat.com/security/cve/CVE-2018-14662 https://access.redhat.com/security/cve/CVE-2018-16846 https://access.redhat.com/security/cve/CVE-2018-16889 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_ceph_storage/3.3/html/release_notes/index
Red Hat Ceph Storage 3.3 MON:
Source:
ceph-12.2.12-45.el7cp.src.rpm
ppc64le:
ceph-base-12.2.12-45.el7cp.ppc64le.rpm
ceph-common-12.2.12-45.el7cp.ppc64le.rpm
ceph-debuginfo-12.2.12-45.el7cp.ppc64le.rpm
ceph-mgr-12.2.12-45.el7cp.ppc64le.rpm
ceph-mon-12.2.12-45.el7cp.ppc64le.rpm
ceph-selinux-12.2.12-45.el7cp.ppc64le.rpm
libcephfs-devel-12.2.12-45.el7cp.ppc64le.rpm
libcephfs2-12.2.12-45.el7cp.ppc64le.rpm
librados-devel-12.2.12-45.el7cp.ppc64le.rpm
librados2-12.2.12-45.el7cp.ppc64le.rpm
libradosstriper1-12.2.12-45.el7cp.ppc64le.rpm
librbd-devel-12.2.12-45.el7cp.ppc64le.rpm
librbd1-12.2.12-45.el7cp.ppc64le.rpm
librgw-devel-12.2.12-45.el7cp.ppc64le.rpm
librgw2-12.2.12-45.el7cp.ppc64le.rpm
python-cephfs-12.2.12-45.el7cp.ppc64le.rpm
python-rados-12.2.12-45.el7cp.ppc64le.rpm
python-rbd-12.2.12-45.el7cp.ppc64le.rpm
python-rgw-12.2.12-45.el7cp.ppc64le.rpm
x86_64:
ceph-base-12.2.12-45.el7cp.x86_64.rpm
ceph-common-12.2.12-45.el7cp.x86_64.rpm
ceph-debuginfo-12.2.12-45.el7cp.x86_64.rpm
ceph-mgr-12.2.12-45.el7cp.x86_64.rpm
ceph-mon-12.2.12-45.el7cp.x86_64.rpm
ceph-selinux-12.2.12-45.el7cp.x86_64.rpm
ceph-test-12.2.12-45.el7cp.x86_64.rpm
libcephfs-devel-12.2.12-45.el7cp.x86_64.rpm
libcephfs2-12.2.12-45.el7cp.x86_64.rpm
librados-devel-12.2.12-45.el7cp.x86_64.rpm
Read the Full Advisory
An update is now available for Red Hat Ceph Storage 3.3 on Red HatEnterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Red Hat Ceph Storage 3.3 MON - ppc64le, x86_64
Red Hat Ceph Storage 3.3 OSD - ppc64le, x86_64
Red Hat Ceph Storage 3.3 Tools - noarch, ppc64le, x86_64
1337915 - purge-cluster.yml confused by presence of ceph installer, ceph kernel threads
1572933 - infrastructure-playbooks/shrink-osd.yml leaves behind NVMe partition; scenario non-collocated
1599852 - radosgw-admin bucket rm --bucket=${bucket} --bypass-gc --purge-objects not cleaning up objects in secondary site
1627567 - MDS fails heartbeat map due to export size
1628309 - MDS should handle large exports in parts
1628311 - MDS balancer may stop prematurely
1631010 - batch: allow journal+block.db sizing on the CLI
1636136 - [cee/sd] add ceph_docker_registry to group_vars/all.yml.sample same way as ceph-ansible does allowing custom registry for systems without direct internet access
1637327 - CVE-2018-14662 ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key
1639712 - dynamic bucket resharding unexpected behavior
1644321 - lvm scenario - stderr: Device /dev/sdb excluded by a filter
1644461 - CVE-2018-16846 ceph: ListBucket max-keys has no defined limit in the RGW codebase
1644610 - [RFE] allow --no-systemd flag for 'simple' sub-command
1644847 - [RFE] ceph-volume zap enhancements based on the OSD ID instead of a device
1651054 - [iSCSI-container] - After cluster purge and recreation, iSCSI target creation failed.
1656908 - [ceph-ansible] Ceph nfs installation fails at task start nfs gateway service in ubuntu ipv6 deployment
Get the latest Linux and open source security news straight to your inbox.