RedHat: RHSA-2019-4353:01 Moderate: Red Hat Ceph Storage security, bug fix, and enhancement update

    Date 19 Dec 2019
    Posted By LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Red Hat Ceph Storage security, bug fix, and enhancement update
    Advisory ID:       RHSA-2019:4353-01
    Product:           Red Hat Ceph Storage
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:4353
    Issue date:        2019-12-19
    CVE Names:         CVE-2019-19337 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat Ceph Storage 3.3 that runs on Red
    Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Ceph Storage 3.3 MON - ppc64le, x86_64
    Red Hat Ceph Storage 3.3 OSD - ppc64le, x86_64
    Red Hat Ceph Storage 3.3 Tools - noarch, ppc64le, x86_64
    
    3. Description:
    
    Red Hat Ceph Storage is a scalable, open, software-defined storage platform
    that combines the most stable version of the Ceph storage system with a
    Ceph management platform, deployment utilities, and support services.
    
    Security Fix(es):
    
    * ceph: denial of service in RGW daemon (CVE-2019-19337)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fix(es) and Enhancement(s):
    
    For detailed information on changes in this release, see the Red Hat Ceph
    Storage 3.3 Release Notes available at:
    
    https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3.3/html-single/release_notes/index
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1552210 - [ceph-ansible] [ceph-container] : failed to add new mgr with '--limit' option - trying to copy mgr keyring without generating
    1569689 - MDS rolling-upgrade process needs to be changed to follow new recommendations
    1603551 - OSP13 deploy fails pg count exceeds max
    1616159 - [ceph-ansible] [ceph-container] : switch from rpm to containerized - OSDs not coming up after the switch saying encrypted device still in use
    1622729 - remove warnings for unsupported variables
    1623580 - [RFE] Prevent customers from installing an OSD device on the same disk as the OS
    1638904 - lv-create.yml/lv-teardown.yml should fail if lv_vars.yaml has not been edited
    1640525 - [Ceph-Ansible] Missing fourth and fifth scenarios in osds.yml.sample
    1644611 - [RFE] Listing ceph-disk’s OSDs
    1646456 - [ceph-ansible] - ubuntu - playbook must fail if debian rhcs packages are not installed
    1654790 - ceph-validate : No clear error when osd_scenario is not set
    1664112 - Cache size is not created correctly in a hyperconverged installation when using the is_hci flag
    1665877 - RBD mirroring configuration issue with ceph-ansible
    1734513 - all users has access to read ceph manager client keyring files
    1744529 - fetching config overrides can result in crash due to unsafe observer calls
    1749097 - ceph-ansible filestore fails to start containerized OSD when using block device like /dev/loop3
    1749124 - Invalid bucket added to reshard list cannot be removed
    1749489 - [RFE] Support use of SSE-S3 headers in RGW with AES256 server side default encryption
    1749874 - [RHCS 3][RFE] Adding Placement Group id in Large omap log message
    1750115 - When listing of bucket entries, entries following an entry for which check_disk_state() = -ENOENT may not get listed
    1752163 - [RFE] tools/rados: allow list objects in a specific pg in a pool
    1753942 - [GSS] cephmetrics grafana dashboard do not show disk IOPS/Throughput in RHCS 3.3
    1754432 - [cee/sd][ceph-ansible] when running playbook to push new ceph.conf: ansible-playbook site.yml --tags='ceph_update_config' playbook fails on  "The conditional check 'osd_socket_stat.rc == 0' failed" (for mon_socket_stat too)
    1757298 - [RGW]: Bucket rename creates a duplicate entry in bucket list
    1757400 - please backport speed improvement in chown command in switch to containers
    1765230 - [ceph-ansible]Ceph-mds -allow multimds task is failing
    1765652 - upgrade is broken when no mds is present in inventory
    1769760 - [ceph-ansible] - ceph_repository_type being validated unnecessarily in containerized scenario
    1777050 - STS crashes with uncaught exception when session token is not base64 encoded
    1779158 - [RGW]: Put object ACL fails due to missing content length
    1780688 - /etc/systemd/system/[email protected] contain the wrong OSD container names
    1781170 - CVE-2019-19337 ceph: denial of service in RGW daemon
    
    6. Package List:
    
    Red Hat Ceph Storage 3.3 MON:
    
    Source:
    ceph-12.2.12-84.el7cp.src.rpm
    
    ppc64le:
    ceph-base-12.2.12-84.el7cp.ppc64le.rpm
    ceph-common-12.2.12-84.el7cp.ppc64le.rpm
    ceph-debuginfo-12.2.12-84.el7cp.ppc64le.rpm
    ceph-mgr-12.2.12-84.el7cp.ppc64le.rpm
    ceph-mon-12.2.12-84.el7cp.ppc64le.rpm
    ceph-selinux-12.2.12-84.el7cp.ppc64le.rpm
    libcephfs-devel-12.2.12-84.el7cp.ppc64le.rpm
    libcephfs2-12.2.12-84.el7cp.ppc64le.rpm
    librados-devel-12.2.12-84.el7cp.ppc64le.rpm
    librados2-12.2.12-84.el7cp.ppc64le.rpm
    libradosstriper1-12.2.12-84.el7cp.ppc64le.rpm
    librbd-devel-12.2.12-84.el7cp.ppc64le.rpm
    librbd1-12.2.12-84.el7cp.ppc64le.rpm
    librgw-devel-12.2.12-84.el7cp.ppc64le.rpm
    librgw2-12.2.12-84.el7cp.ppc64le.rpm
    python-cephfs-12.2.12-84.el7cp.ppc64le.rpm
    python-rados-12.2.12-84.el7cp.ppc64le.rpm
    python-rbd-12.2.12-84.el7cp.ppc64le.rpm
    python-rgw-12.2.12-84.el7cp.ppc64le.rpm
    
    x86_64:
    ceph-base-12.2.12-84.el7cp.x86_64.rpm
    ceph-common-12.2.12-84.el7cp.x86_64.rpm
    ceph-debuginfo-12.2.12-84.el7cp.x86_64.rpm
    ceph-mgr-12.2.12-84.el7cp.x86_64.rpm
    ceph-mon-12.2.12-84.el7cp.x86_64.rpm
    ceph-selinux-12.2.12-84.el7cp.x86_64.rpm
    ceph-test-12.2.12-84.el7cp.x86_64.rpm
    libcephfs-devel-12.2.12-84.el7cp.x86_64.rpm
    libcephfs2-12.2.12-84.el7cp.x86_64.rpm
    librados-devel-12.2.12-84.el7cp.x86_64.rpm
    librados2-12.2.12-84.el7cp.x86_64.rpm
    libradosstriper1-12.2.12-84.el7cp.x86_64.rpm
    librbd-devel-12.2.12-84.el7cp.x86_64.rpm
    librbd1-12.2.12-84.el7cp.x86_64.rpm
    librgw-devel-12.2.12-84.el7cp.x86_64.rpm
    librgw2-12.2.12-84.el7cp.x86_64.rpm
    python-cephfs-12.2.12-84.el7cp.x86_64.rpm
    python-rados-12.2.12-84.el7cp.x86_64.rpm
    python-rbd-12.2.12-84.el7cp.x86_64.rpm
    python-rgw-12.2.12-84.el7cp.x86_64.rpm
    
    Red Hat Ceph Storage 3.3 OSD:
    
    Source:
    ceph-12.2.12-84.el7cp.src.rpm
    
    ppc64le:
    ceph-base-12.2.12-84.el7cp.ppc64le.rpm
    ceph-common-12.2.12-84.el7cp.ppc64le.rpm
    ceph-debuginfo-12.2.12-84.el7cp.ppc64le.rpm
    ceph-osd-12.2.12-84.el7cp.ppc64le.rpm
    ceph-selinux-12.2.12-84.el7cp.ppc64le.rpm
    libcephfs-devel-12.2.12-84.el7cp.ppc64le.rpm
    libcephfs2-12.2.12-84.el7cp.ppc64le.rpm
    librados-devel-12.2.12-84.el7cp.ppc64le.rpm
    librados2-12.2.12-84.el7cp.ppc64le.rpm
    libradosstriper1-12.2.12-84.el7cp.ppc64le.rpm
    librbd-devel-12.2.12-84.el7cp.ppc64le.rpm
    librbd1-12.2.12-84.el7cp.ppc64le.rpm
    librgw-devel-12.2.12-84.el7cp.ppc64le.rpm
    librgw2-12.2.12-84.el7cp.ppc64le.rpm
    python-cephfs-12.2.12-84.el7cp.ppc64le.rpm
    python-rados-12.2.12-84.el7cp.ppc64le.rpm
    python-rbd-12.2.12-84.el7cp.ppc64le.rpm
    python-rgw-12.2.12-84.el7cp.ppc64le.rpm
    
    x86_64:
    ceph-base-12.2.12-84.el7cp.x86_64.rpm
    ceph-common-12.2.12-84.el7cp.x86_64.rpm
    ceph-debuginfo-12.2.12-84.el7cp.x86_64.rpm
    ceph-osd-12.2.12-84.el7cp.x86_64.rpm
    ceph-selinux-12.2.12-84.el7cp.x86_64.rpm
    ceph-test-12.2.12-84.el7cp.x86_64.rpm
    libcephfs-devel-12.2.12-84.el7cp.x86_64.rpm
    libcephfs2-12.2.12-84.el7cp.x86_64.rpm
    librados-devel-12.2.12-84.el7cp.x86_64.rpm
    librados2-12.2.12-84.el7cp.x86_64.rpm
    libradosstriper1-12.2.12-84.el7cp.x86_64.rpm
    librbd-devel-12.2.12-84.el7cp.x86_64.rpm
    librbd1-12.2.12-84.el7cp.x86_64.rpm
    librgw-devel-12.2.12-84.el7cp.x86_64.rpm
    librgw2-12.2.12-84.el7cp.x86_64.rpm
    python-cephfs-12.2.12-84.el7cp.x86_64.rpm
    python-rados-12.2.12-84.el7cp.x86_64.rpm
    python-rbd-12.2.12-84.el7cp.x86_64.rpm
    python-rgw-12.2.12-84.el7cp.x86_64.rpm
    
    Red Hat Ceph Storage 3.3 Tools:
    
    Source:
    ceph-12.2.12-84.el7cp.src.rpm
    ceph-ansible-3.2.38-1.el7cp.src.rpm
    cephmetrics-2.0.9-1.el7cp.src.rpm
    
    noarch:
    ceph-ansible-3.2.38-1.el7cp.noarch.rpm
    
    ppc64le:
    ceph-base-12.2.12-84.el7cp.ppc64le.rpm
    ceph-common-12.2.12-84.el7cp.ppc64le.rpm
    ceph-debuginfo-12.2.12-84.el7cp.ppc64le.rpm
    ceph-fuse-12.2.12-84.el7cp.ppc64le.rpm
    ceph-mds-12.2.12-84.el7cp.ppc64le.rpm
    ceph-radosgw-12.2.12-84.el7cp.ppc64le.rpm
    ceph-selinux-12.2.12-84.el7cp.ppc64le.rpm
    libcephfs-devel-12.2.12-84.el7cp.ppc64le.rpm
    libcephfs2-12.2.12-84.el7cp.ppc64le.rpm
    librados-devel-12.2.12-84.el7cp.ppc64le.rpm
    librados2-12.2.12-84.el7cp.ppc64le.rpm
    libradosstriper1-12.2.12-84.el7cp.ppc64le.rpm
    librbd-devel-12.2.12-84.el7cp.ppc64le.rpm
    librbd1-12.2.12-84.el7cp.ppc64le.rpm
    librgw-devel-12.2.12-84.el7cp.ppc64le.rpm
    librgw2-12.2.12-84.el7cp.ppc64le.rpm
    python-cephfs-12.2.12-84.el7cp.ppc64le.rpm
    python-rados-12.2.12-84.el7cp.ppc64le.rpm
    python-rbd-12.2.12-84.el7cp.ppc64le.rpm
    python-rgw-12.2.12-84.el7cp.ppc64le.rpm
    rbd-mirror-12.2.12-84.el7cp.ppc64le.rpm
    
    x86_64:
    ceph-base-12.2.12-84.el7cp.x86_64.rpm
    ceph-common-12.2.12-84.el7cp.x86_64.rpm
    ceph-debuginfo-12.2.12-84.el7cp.x86_64.rpm
    ceph-fuse-12.2.12-84.el7cp.x86_64.rpm
    ceph-mds-12.2.12-84.el7cp.x86_64.rpm
    ceph-radosgw-12.2.12-84.el7cp.x86_64.rpm
    ceph-selinux-12.2.12-84.el7cp.x86_64.rpm
    cephmetrics-ansible-2.0.9-1.el7cp.x86_64.rpm
    libcephfs-devel-12.2.12-84.el7cp.x86_64.rpm
    libcephfs2-12.2.12-84.el7cp.x86_64.rpm
    librados-devel-12.2.12-84.el7cp.x86_64.rpm
    librados2-12.2.12-84.el7cp.x86_64.rpm
    libradosstriper1-12.2.12-84.el7cp.x86_64.rpm
    librbd-devel-12.2.12-84.el7cp.x86_64.rpm
    librbd1-12.2.12-84.el7cp.x86_64.rpm
    librgw-devel-12.2.12-84.el7cp.x86_64.rpm
    librgw2-12.2.12-84.el7cp.x86_64.rpm
    python-cephfs-12.2.12-84.el7cp.x86_64.rpm
    python-rados-12.2.12-84.el7cp.x86_64.rpm
    python-rbd-12.2.12-84.el7cp.x86_64.rpm
    python-rgw-12.2.12-84.el7cp.x86_64.rpm
    rbd-mirror-12.2.12-84.el7cp.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-19337
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
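
An added example, not part of Red Hat's advisory: a check that flags installed packages older than the fixed builds listed in section 6. It reimplements rpm's segment-wise version comparison (without `~`/`^` or epoch handling) and runs on a constructed package listing; the function names are this example's own.

```python
import re
from itertools import zip_longest

# Fixed builds copied from section 6 of the advisory.
CEPH_BUILD = "12.2.12-84.el7cp"
FIXED = {name: CEPH_BUILD for name in """
    ceph-base ceph-common ceph-debuginfo ceph-fuse ceph-mds ceph-mgr ceph-mon
    ceph-osd ceph-radosgw ceph-selinux ceph-test libcephfs-devel libcephfs2
    librados-devel librados2 libradosstriper1 librbd-devel librbd1
    librgw-devel librgw2 python-cephfs python-rados python-rbd python-rgw
    rbd-mirror""".split()}
FIXED.update({"ceph-ansible": "3.2.38-1.el7cp",
              "cephmetrics-ansible": "2.0.9-1.el7cp"})

def rpmvercmp(a, b):
    """Compare version (or release) strings as rpm does, by maximal runs of
    digits or letters; separators only split. Returns -1, 0 or 1."""
    segs = lambda s: re.findall(r"[0-9]+|[A-Za-z]+", s)
    for x, y in zip_longest(segs(a), segs(b)):
        if x is None or y is None:        # the string with segments left is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():    # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        if x.isdigit():                   # numeric segments compare as integers
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return 0

def evr_cmp(a, b):
    """Compare VERSION-RELEASE strings; epoch is assumed equal and not compared."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def outdated(listing):
    """Return (name, installed, fixed) for packages older than the fixed build."""
    rows = (line.split() for line in listing.strip().splitlines())
    return [(n, evr, FIXED[n]) for n, evr in rows
            if n in FIXED and evr_cmp(evr, FIXED[n]) < 0]

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """
ceph-radosgw 12.2.12-79.el7cp
ceph-common 12.2.8-128.el7cp
librgw2 12.2.12-84.el7cp
ceph-ansible 3.2.38-1.el7cp
bash 4.2.46-34.el7
"""

if __name__ == "__main__":
    print(outdated(SAMPLE))
```

The `12.2.8` entry is the case a plain string comparison gets wrong, since `"12.2.8" > "12.2.12"` lexically while rpm treats it as older.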
    
