
Red Hat Ceph Storage 4.2 RHSA-2021:1452-01 Important: SCSI Target Issue

Red Hat
April 28, 2021
Critical Red Hat Ceph Storage release tackles vulnerabilities, resolves bugs, and boosts efficiency. Update advised.
An update for ceph, ceph-ansible, gperftools, and tcmu-runner is now available for Red Hat Ceph Storage 4.2.

Solution

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage.
Perf Tools is a collection of performance analysis tools, including a high performance multi-threaded malloc() implementation that works particularly well with threads and STL, a thread-friendly heap-checker, a heap profiler, and a cpu-profiler.
The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface (TCMU). It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores.
Security Fix(es):
* tcmu-runner: SCSI target (LIO) write to any block on ILO backstore (CVE-2021-3139)
* ceph: mgr modules' passwords are in clear text in mgr logs (CVE-2020-25678)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
These updated packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage 4.2 Release Notes for information on the most significant of these changes:
/release_notes/index
All users of Red Hat Ceph Storage are advised to upgrade to these updated packages, which provide numerous bug fixes.
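
To confirm a node has actually picked up the update, the following added example (not part of the Red Hat advisory) flags installed packages older than the ceph build named in the Package List, 14.2.11-147.el7cp. It assumes input lines in NAME-VERSION-RELEASE.ARCH form, as printed by `rpm -qa 'ceph*' 'librados*'`, ignores epochs, and uses a simplified version comparison; the sample lines are constructed.

```python
import re

# Fixed ceph build taken from this advisory's Package List.
FIXED_VR = "14.2.11-147.el7cp"

_SEG = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified rpmvercmp: compare digit/alpha segments (no ~ or ^ handling)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 8 < 11, unlike a string compare
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_nvra(line):
    """Split NAME-VERSION-RELEASE.ARCH into (name, version, release)."""
    nvr, _arch = line.strip().rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def unpatched(lines, fixed=FIXED_VR):
    """Return the input lines whose version-release is older than `fixed`."""
    fixed_ver, fixed_rel = fixed.split("-", 1)
    stale = []
    for line in lines:
        if not line.strip():
            continue
        _name, ver, rel = parse_nvra(line)
        # Version decides first; release only breaks a version tie.
        if (rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)) < 0:
            stale.append(line.strip())
    return stale


# Constructed sample of `rpm -qa` output, for illustration only.
SAMPLE = [
    "ceph-mon-14.2.11-147.el7cp.x86_64",
    "ceph-mgr-14.2.11-95.el7cp.x86_64",
    "librados2-14.2.8-111.el7cp.x86_64",
    "ceph-common-14.2.11-181.el7cp.x86_64",
]

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs update:", pkg)
```

The advisory's visible package list gives no fixed version for tcmu-runner, so this check covers only packages built from the ceph source RPM.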

References

https://access.redhat.com/security/cve/CVE-2020-25678
https://access.redhat.com/security/cve/CVE-2021-3139
https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Ceph Storage 4.2 MON:
Source: ceph-14.2.11-147.el7cp.src.rpm
noarch:
ceph-grafana-dashboards-14.2.11-147.el7cp.noarch.rpm
ceph-mgr-dashboard-14.2.11-147.el7cp.noarch.rpm
ceph-mgr-diskprediction-local-14.2.11-147.el7cp.noarch.rpm
ceph-mgr-k8sevents-14.2.11-147.el7cp.noarch.rpm
ceph-mgr-rook-14.2.11-147.el7cp.noarch.rpm
ppc64le:
ceph-base-14.2.11-147.el7cp.ppc64le.rpm
ceph-common-14.2.11-147.el7cp.ppc64le.rpm
ceph-debuginfo-14.2.11-147.el7cp.ppc64le.rpm
ceph-mgr-14.2.11-147.el7cp.ppc64le.rpm
ceph-mon-14.2.11-147.el7cp.ppc64le.rpm
ceph-selinux-14.2.11-147.el7cp.ppc64le.rpm
ceph-test-14.2.11-147.el7cp.ppc64le.rpm
libcephfs-devel-14.2.11-147.el7cp.ppc64le.rpm
libcephfs2-14.2.11-147.el7cp.ppc64le.rpm
librados-devel-14.2.11-147.el7cp.ppc64le.rpm
librados2-14.2.11-147.el7cp.ppc64le.rpm
libradospp-devel-14.2.11-147.el7cp.ppc64le.rpm
libradosstriper1-14.2.11-147.el7cp.ppc64le.rpm
librbd-devel-14.2.11-147.el7cp.ppc64le.rpm
librbd1-14.2.11-147.el7cp.ppc64le.rpm
librgw-devel-14.2.11-147.el7cp.ppc64le.rpm
librgw2-14.2.11-147.el7cp.ppc64le.rpm
python-ceph-argparse-14.2.11-147.el7cp.ppc64le.rpm
python-cephfs-14.2.11-147.el7cp.ppc64le.rpm
python-rados-14.2.11-147.el7cp.ppc64le.rpm
python-rbd-14.2.11-147.el7cp.ppc64le.rpm
python-rgw-14.2.11-147.el7cp.ppc64le.rpm
x86_64:



Severity: Important

Advisory ID: RHSA-2021:1452-01
Product: Red Hat Ceph Storage
Issue date: 2021-04-28

Topic

An update for ceph, ceph-ansible, gperftools, and tcmu-runner is now available for Red Hat Ceph Storage 4.2.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat Ceph Storage 4.2 MON - noarch, ppc64le, s390x, x86_64

Red Hat Ceph Storage 4.2 OSD - ppc64le, s390x, x86_64

Red Hat Ceph Storage 4.2 Tools - noarch, ppc64le, s390x, x86_64

Bugs Fixed

1831779 - [RFE] RGW Multi-site data sync optimizations

1831798 - [RFE] RGW Multisite sync data logs omap offload

1859257 - radosgw-admin user stats --reset-stats causing OSD flapping when issued against users with thousands of buckets

1867717 - Every time ceph-volume command gets executed the debug output gets registered here: /var/log/ceph/ceph-volume.log

1873881 - When Kafka Cluster is unavailable, Bucket access is not available after setting up Bucket Notification feature.

1875346 - rgw lc expiration header returns although it should not

1875777 - Filestore to Bluestore migration skipped if osd_objectstore is not set to "filestore"

1876827 - [cee/sd][ceph-volume] "ceph-volume lvm batch --report /dev/vdd " fails on lvm OSDs set up with dm-cache

1881304 - [GSS] [RFE] Log indication of latency by bucket

1882561 - Add per pool compression metrics to mgr/prometheus

1884469 - Log files are created after installation with rights root:root

1885441 - mgr/prometheus should provide a metric indicating SLOW_OPS for alerting

1888630 - [ceph-ansible]: Multi realm create workflow fails on restart RGW step

1892109 - CVE-2020-25678 ceph: mgr modules' passwords are in clear text in mgr logs

1892265 - [RGW] bucket list fails with ERROR: get_bucket_instance_from_oid failed: -5

1892824 - [RFE][ceph-mgr][ceph-dashboard] Backport request to display the user's current bucket quota usage in RHCS4 ceph-dashboard
