Red Hat Ceph Storage 3 RHSA-2022:1394-01 Important: DoS Access Issue
red hat
April 19, 2022
An update is now available for Red Hat Ceph Storage 3
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Summary
Red Hat Ceph Storage is a scalable, open, software-defined storage platform
that combines the most stable version of the Ceph storage system with a
Ceph management platform, deployment utilities, and support services.
Security Fix(es):
* ceph: Unauthorized global_id reuse in cephx (CVE-2021-20288)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
References
https://access.redhat.com/security/cve/CVE-2021-20288 https://access.redhat.com/security/updates/classification#important
Package List
Red Hat Ceph Storage 3 MON - ELS:
Source:
ceph-12.2.12-141.el7cp.src.rpm
ppc64le:
ceph-base-12.2.12-141.el7cp.ppc64le.rpm
ceph-common-12.2.12-141.el7cp.ppc64le.rpm
ceph-debuginfo-12.2.12-141.el7cp.ppc64le.rpm
ceph-mgr-12.2.12-141.el7cp.ppc64le.rpm
ceph-mon-12.2.12-141.el7cp.ppc64le.rpm
ceph-selinux-12.2.12-141.el7cp.ppc64le.rpm
libcephfs-devel-12.2.12-141.el7cp.ppc64le.rpm
libcephfs2-12.2.12-141.el7cp.ppc64le.rpm
librados-devel-12.2.12-141.el7cp.ppc64le.rpm
librados2-12.2.12-141.el7cp.ppc64le.rpm
libradosstriper1-12.2.12-141.el7cp.ppc64le.rpm
librbd-devel-12.2.12-141.el7cp.ppc64le.rpm
librbd1-12.2.12-141.el7cp.ppc64le.rpm
librgw-devel-12.2.12-141.el7cp.ppc64le.rpm
librgw2-12.2.12-141.el7cp.ppc64le.rpm
python-cephfs-12.2.12-141.el7cp.ppc64le.rpm
python-rados-12.2.12-141.el7cp.ppc64le.rpm
python-rbd-12.2.12-141.el7cp.ppc64le.rpm
python-rgw-12.2.12-141.el7cp.ppc64le.rpm
x86_64:
ceph-base-12.2.12-141.el7cp.x86_64.rpm
ceph-common-12.2.12-141.el7cp.x86_64.rpm
ceph-debuginfo-12.2.12-141.el7cp.x86_64.rpm
ceph-mgr-12.2.12-141.el7cp.x86_64.rpm
ceph-mon-12.2.12-141.el7cp.x86_64.rpm
ceph-selinux-12.2.12-141.el7cp.x86_64.rpm
ceph-test-12.2.12-141.el7cp.x86_64.rpm
libcephfs-devel-12.2.12-141.el7cp.x86_64.rpm
libcephfs2-12.2.12-141.el7cp.x86_64.rpm
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2022:1394-01
Product: Red Hat Ceph Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1394
Issue date: 2022-04-19
Topic
An update is now available for Red Hat Ceph Storage 3.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Relevant Releases Architectures
Red Hat Ceph Storage 3 MON - ELS - ppc64le, x86_64
Red Hat Ceph Storage 3 OSD - ELS - ppc64le, x86_64
Red Hat Ceph Storage 3 Tools - ELS - noarch, ppc64le, x86_64
Bugs Fixed
1938031 - CVE-2021-20288 ceph: Unauthorized global_id reuse in cephx
2068353 - [Ceph-ansible]: Adding osd using add-osd.yml fails
2069491 - [Ceph-ansible]: RHCS deployment fails for non-devices osd scenario
2071676 - Adding rgw using site-container.yml with limit fails
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!