Red Hat Ceph Storage 5.1 RHSA-2022:1174-01 Moderate: Ceph Security Fixes

April 4, 2022
The latest release of Red Hat Ceph Storage 5.1 introduces important security updates and improvements, categorized as moderate risk by Red Hat's security team.
Red Hat Ceph Storage 5.1 is now available

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

Security Fix(es):

* ceph object gateway: radosgw: CRLF injection (CVE-2021-3524)
* ceph: RGW unauthenticated denial of service (CVE-2021-3531)
* ceph: Ceph volume does not honour osd_dmcrypt_key_size (CVE-2021-3979)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

These new packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.1/html/release_notes/index

All users of Red Hat Ceph Storage are advised to upgrade to these new packages, which provide numerous enhancements and bug fixes.

References

https://access.redhat.com/security/cve/CVE-2021-3524
https://access.redhat.com/security/cve/CVE-2021-3531
https://access.redhat.com/security/cve/CVE-2021-3979
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.1/html/release_notes/index

Package List

Red Hat Ceph Storage 5.1 MON:

Source:
ceph-16.2.7-98.el8cp.src.rpm
python-rsa-4.8-1.el8cp.src.rpm

noarch:
ceph-grafana-dashboards-16.2.7-98.el8cp.noarch.rpm
ceph-mgr-cephadm-16.2.7-98.el8cp.noarch.rpm
ceph-mgr-dashboard-16.2.7-98.el8cp.noarch.rpm
ceph-mgr-diskprediction-local-16.2.7-98.el8cp.noarch.rpm
ceph-mgr-k8sevents-16.2.7-98.el8cp.noarch.rpm
ceph-mgr-modules-core-16.2.7-98.el8cp.noarch.rpm
ceph-mgr-rook-16.2.7-98.el8cp.noarch.rpm
ceph-prometheus-alerts-16.2.7-98.el8cp.noarch.rpm
cephadm-16.2.7-98.el8cp.noarch.rpm
python3-rsa-4.8-1.el8cp.noarch.rpm

ppc64le:
ceph-base-16.2.7-98.el8cp.ppc64le.rpm
ceph-base-debuginfo-16.2.7-98.el8cp.ppc64le.rpm
ceph-common-16.2.7-98.el8cp.ppc64le.rpm
ceph-common-debuginfo-16.2.7-98.el8cp.ppc64le.rpm
ceph-debugsource-16.2.7-98.el8cp.ppc64le.rpm
ceph-fuse-debuginfo-16.2.7-98.el8cp.ppc64le.rpm
ceph-immutable-object-cache-debuginfo-16.2.7-98.el8cp.ppc64le.rpm
ceph-mds-debuginfo-16.2.7-98.el8cp.ppc64le.rpm
ceph-mgr-16.2.7-98.el8cp.ppc64le.rpm
ceph-mgr-debuginfo-16.2.7-98.el8cp.ppc64le.rpm
ceph-mon-16.2.7-98.el8cp.ppc64le.rpm
ceph-mon-debuginfo-16.2.7-98.el8cp.ppc64le.rpm
ceph-osd-debuginfo-16.2.7-98.el8cp.ppc64le.rpm
ceph-radosgw-debuginfo-16.2.7-98.el8cp.ppc64le.rpm
ceph-selinux-16.2.7-98.el8cp.ppc64le.rpm

Advisory ID: RHSA-2022:1174-01
Product: Red Hat Ceph Storage
Issue date: 2022-04-04

Topic

Red Hat Ceph Storage 5.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat Ceph Storage 5.1 MON - noarch, ppc64le, s390x, x86_64

Red Hat Ceph Storage 5.1 OSD - ppc64le, s390x, x86_64

Red Hat Ceph Storage 5.1 Tools - noarch, ppc64le, s390x, x86_64

Bugs Fixed

1259160 - [RFE] SNMP support for RHCS cluster components

1494059 - [RFE] Add support for dynamic sharding in RGW Multisite

1654660 - [RFE] Colocation of different Ceph daemons on containerized deployment

1728344 - Customer DR metadata sync status falls behind(stuck)

1765484 - RGW does not support '_' symbol in S3 metadata records.

1821249 - [RFE][dashboard] Display Grafana dashboard for HAProxy used for RGW endpoints

1835563 - MON crash - src/mon/Monitor.cc: 267: FAILED ceph_assert(session_map.sessions.empty())

1842808 - [RFE] : Configuration support of nfs on rgw using cephadm

1857447 - ceph df detail reports dirty objects without a cache tier

1858720 - [RFE] Vault Data Key API

1886120 - ceph orch host rm is not stopping the services deployed in the respective removed hosts

1890109 - [rbd_support] passing invalid interval removes entire schedule

1890113 - [5.0] Ceph-Dashboard - Device health status is not getting listed under hosts section in 5.0 dashboard

1900127 - PG state deep-scrub+repair although no inconsistent PG

1901644 - [cephadm] 5.0 - bootstrap logs are not getting captured fully in a cephadm.log due to less file size

1905470 - [RGW] [boto] PUT on versioned bucket fails with NoSuchKey

1915362 - [cee/sd][MGR][insights] the insights command is logging into ceph.audit.log excessively - "[{"prefix":"config-key set","key":"mgr/insights/health_history/ ...

1921204 - [RFE]increase HTTP headers size in beast.
