
Red Hat 4.2: RHSA-2021:0081-01 Important: Credential Theft Issue

January 12, 2021
Red Hat Ceph Storage 4.2 has been issued a significant security update that tackles severe credential theft vulnerabilities along with various bug resolutions.
An update is now available for Red Hat Ceph Storage 4.2

Solution

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage.
This package contains a new implementation of the original libtirpc, transport-independent RPC (TI-RPC) library for NFS-Ganesha.
NFS-GANESHA is an NFS server running in user space. It comes with various back-end modules (called FSALs) provided as shared objects to support different file systems and namespaces.
Security Fix(es):
* ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila (CVE-2020-27781)
* ceph: CEPHX_V2 replay attack protection lost (CVE-2020-25660)
* ceph-ansible: insecure ownership on /etc/ceph/iscsi-gateway.conf configuration file (CVE-2020-25677)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
These updated packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage 4.2 Release Notes for information on the most significant of these changes:
/release_notes/
All users of Red Hat Ceph Storage are advised to upgrade to these updated packages, which provide numerous bug fixes.

References

https://access.redhat.com/security/cve/CVE-2020-25660
https://access.redhat.com/security/cve/CVE-2020-25677
https://access.redhat.com/security/cve/CVE-2020-27781
https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Ceph Storage 4.2 MON:
Source: ceph-14.2.11-95.el7cp.src.rpm python-repoze-lru-0.7-8.el7cp.src.rpm
noarch: ceph-grafana-dashboards-14.2.11-95.el7cp.noarch.rpm ceph-mgr-dashboard-14.2.11-95.el7cp.noarch.rpm ceph-mgr-diskprediction-local-14.2.11-95.el7cp.noarch.rpm ceph-mgr-k8sevents-14.2.11-95.el7cp.noarch.rpm ceph-mgr-rook-14.2.11-95.el7cp.noarch.rpm python2-repoze-lru-0.7-8.el7cp.noarch.rpm
ppc64le: ceph-base-14.2.11-95.el7cp.ppc64le.rpm ceph-common-14.2.11-95.el7cp.ppc64le.rpm ceph-debuginfo-14.2.11-95.el7cp.ppc64le.rpm ceph-mgr-14.2.11-95.el7cp.ppc64le.rpm ceph-mon-14.2.11-95.el7cp.ppc64le.rpm ceph-selinux-14.2.11-95.el7cp.ppc64le.rpm ceph-test-14.2.11-95.el7cp.ppc64le.rpm libcephfs-devel-14.2.11-95.el7cp.ppc64le.rpm libcephfs2-14.2.11-95.el7cp.ppc64le.rpm librados-devel-14.2.11-95.el7cp.ppc64le.rpm librados2-14.2.11-95.el7cp.ppc64le.rpm libradospp-devel-14.2.11-95.el7cp.ppc64le.rpm libradosstriper1-14.2.11-95.el7cp.ppc64le.rpm librbd-devel-14.2.11-95.el7cp.ppc64le.rpm librbd1-14.2.11-95.el7cp.ppc64le.rpm librgw-devel-14.2.11-95.el7cp.ppc64le.rpm librgw2-14.2.11-95.el7cp.ppc64le.rpm python-ceph-argparse-14.2.11-95.el7cp.ppc64le.rpm python-cephfs-14.2.11-95.el7cp.ppc64le.rpm python-rados-14.2.11-95.el7cp.ppc64le.rpm python-rbd-14.2.11-95.el7cp.ppc64le.rpm



Severity: Important

Advisory ID: RHSA-2021:0081-01
Product: Red Hat Ceph Storage
Issue date: 2021-01-12

Topic

An update is now available for Red Hat Ceph Storage 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Ceph Storage 4.2 MON - noarch, ppc64le, s390x, x86_64

Red Hat Ceph Storage 4.2 OSD - ppc64le, s390x, x86_64

Red Hat Ceph Storage 4.2 Tools - noarch, ppc64le, s390x, x86_64

Bugs Fixed

1582280 - RFE: Standard log collection via ceph-ansible

1731158 - [RFE] multisite playbook to verify connectivity amongst two sites

1763021 - Getting warning messages while executing rbd CLI commands

1774428 - Live image migration command "Abort" is not working as expected

1774605 - Ceph 4 building outdated 8 years old version of python-repoze-lru

1786106 - [iscsi]:avc denial on rbd-target-api from ioctl access

1791911 - Validate host can proceed in NOTOK if Cluster Type was originally Development/POC

1800382 - Support 2-site Stretch Clusters in RADOS

1826690 - [Ceph-dashboard] Pool: Performance Details showing wrong capacity usage

1828246 - [GSS]Ceph installation via Cockpit fails with "Systemd must be present"

1829214 - ansible-runner-service does not remove hosts from previous runs

1830375 - cpu stats incorrectly displayed

1831299 - cephfs/Filesystem component fails when clicked on "clients" tab

1831682 - [ansible-runner-service] : auto generated ssh_key permission hindering users to use ceph-ansible for day-2 operations

1836431 - Support Deployment with Autoscaler on existing cluster

1841436 - [RFE] Need support for including rgw interface without enabling multi-site option in multi-site cluster.

1845501 - ls command hangs on nfs ganesha mountpoint with ERROR in ganesha log: FSAL :CRIT :Invoking unsupported FSAL operation

1847166 - [RFE] Ceph ansible doesn't update crush map based on device classes
