Linux Security
    Linux Security
    Linux Security

    RedHat: RHSA-2021-0083:01 Important: Red Hat Ceph Storage 4.2 security and

    Date 12 Jan 2021
    286
    Posted By LinuxSecurity Advisories
    An update is now available for Red Hat Ceph Storage 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: Red Hat Ceph Storage 4.2 security and bug fix update
    Advisory ID:       RHSA-2021:0083-01
    Product:           Red Hat Ceph Storage
    Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0083
    Issue date:        2021-01-12
    CVE Names:         CVE-2020-1971 CVE-2020-13379 CVE-2020-24659 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat Ceph Storage 4.2.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Description:
    
    The rhceph-4.2 image is based on Red Hat Ceph Storage 4.2 and Red Hat
    Enterprise Linux.
    
    Security Fix(es):
    
    * grafana: SSRF incorrect access control vulnerability allows
    unauthenticated users to make grafana send HTTP requests to any URL
    (CVE-2020-13379)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fix(es):
    
    Users are directed to the Red Hat Ceph Storage 4.2 Release Notes for
    information on the most significant of these changes:
    
    https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/4.2/html
    /release_notes/
    
    All users of the rhceph-4.2 image are advised to pull this updated image
    from the Red Hat Ecosystem Catalog.
    
    3. Solution:
    
    For details on how to apply this update, refer to:
    
    https://access.redhat.com/articles/11258
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1843640 - CVE-2020-13379 grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL
    1879672 - /var/log/tcmu-runner.log within tcmu-runner container does not get rotated and log grows without limit.
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2020-1971
    https://access.redhat.com/security/cve/CVE-2020-13379
    https://access.redhat.com/security/cve/CVE-2020-24659
    https://access.redhat.com/security/updates/classification/#important
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2021 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBX/2+5dzjgjWX9erEAQiiHg/+JtsZpQPXchWMK9HzG9GoDrPe8PudwpPo
    eDM06woOB2Q4Z1mnro39JQf1C5eKnDMlf7WKzIn2xV2KndMZzsQgH5H0/VkT/zRS
    ZcnmiIrI1nfpxwPXOx/OsWDcGF2wp6i/4Z81T2y2yxJS51XIp5xbP6YW7XL7l/MS
    A2E7X85L9JtsGLW3VFBxF02m8bAiJGg4TdMhJE8Q2U+R756DuNcxw7AcCtg/I/Iu
    V9kVPEy0ZZNqanF5sXSS+qDUtaeNe8YyFo99VHeYqoQ8Ig/JVTkiWo88NJ1QT0Qk
    ZC/sAMYDwcC0pE00fg17DjQh/iS320uitNdd/jfzSb6zqcLNZQpcAOMcPTQ3PkoM
    UumPeGxrQumZ01afoClcAXzPANx+EI2HqE/rMetHJ1QoItfZUq/ZUbolRDiWLM6A
    orb8EkflgwUV+zzgFxZZw0IqMyav73l+RBp3HKPZbevvDcJkelvllExB57MYPPpt
    5fRnlK2Z0Yh71JOTqDBpzjf1+wofZgQRcgs/xTAsAnQyhIqcdY676FRZ5VUio46Q
    qbIPf8atUJnk9dBKsOgFU2jmTXxBZCZ6Ms0oJH9zx0XD4OTFoDF+xItnkpUFys98
    k4miatRt0LHIRcPBizRWBudUJaUAMXa/m1D9+1ggKszAQV4DVFp/IKd/FnCNgV/O
    QNIMsprxs/U=
    =6Ea5
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"9","type":"x","order":"1","pct":30,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":20,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":50,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.