
Red Hat Ceph Storage 4.3 Advisory RHSA-2022:1716-01 Moderate: DoS Risk

May 5, 2022
A new release of Red Hat Ceph Storage 4.3 addresses vulnerabilities and bugs that Red Hat classifies as Moderate.
New packages for Red Hat Ceph Storage 4.3 are now available on Red Hat Enterprise Linux 8.5.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

For supported configurations, refer to:

https://access.redhat.com/articles/1548993

Summary

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
Security Fix(es):
* python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)
* ceph object gateway: radosgw: CRLF injection (CVE-2021-3524)
* ceph: Ceph volume does not honour osd_dmcrypt_key_size (CVE-2021-3979)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
These new packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://docs.redhat.com/en/documentation/red_hat_ceph_storage/4.3/html/release_notes/index
All users of Red Hat Ceph Storage are advised to upgrade to these new packages, which provide bug fixes.

References

https://access.redhat.com/security/cve/CVE-2020-25658
https://access.redhat.com/security/cve/CVE-2021-3524
https://access.redhat.com/security/cve/CVE-2021-3979
https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat Ceph Storage 4.3 MON:
Source:
ceph-14.2.22-110.el7cp.src.rpm

noarch:
ceph-grafana-dashboards-14.2.22-110.el7cp.noarch.rpm
ceph-mgr-dashboard-14.2.22-110.el7cp.noarch.rpm
ceph-mgr-diskprediction-local-14.2.22-110.el7cp.noarch.rpm
ceph-mgr-k8sevents-14.2.22-110.el7cp.noarch.rpm
ceph-mgr-rook-14.2.22-110.el7cp.noarch.rpm

ppc64le:
ceph-base-14.2.22-110.el7cp.ppc64le.rpm
ceph-common-14.2.22-110.el7cp.ppc64le.rpm
ceph-debuginfo-14.2.22-110.el7cp.ppc64le.rpm
ceph-mgr-14.2.22-110.el7cp.ppc64le.rpm
ceph-mon-14.2.22-110.el7cp.ppc64le.rpm
ceph-selinux-14.2.22-110.el7cp.ppc64le.rpm
ceph-test-14.2.22-110.el7cp.ppc64le.rpm
libcephfs-devel-14.2.22-110.el7cp.ppc64le.rpm
libcephfs2-14.2.22-110.el7cp.ppc64le.rpm
librados-devel-14.2.22-110.el7cp.ppc64le.rpm
librados2-14.2.22-110.el7cp.ppc64le.rpm
libradospp-devel-14.2.22-110.el7cp.ppc64le.rpm
libradosstriper1-14.2.22-110.el7cp.ppc64le.rpm
librbd-devel-14.2.22-110.el7cp.ppc64le.rpm
librbd1-14.2.22-110.el7cp.ppc64le.rpm
librgw-devel-14.2.22-110.el7cp.ppc64le.rpm
librgw2-14.2.22-110.el7cp.ppc64le.rpm
python-ceph-argparse-14.2.22-110.el7cp.ppc64le.rpm
python-cephfs-14.2.22-110.el7cp.ppc64le.rpm
python-rados-14.2.22-110.el7cp.ppc64le.rpm
python-rbd-14.2.22-110.el7cp.ppc64le.rpm
python-rgw-14.2.22-110.el7cp.ppc64le.rpm

x86_64:



Advisory ID: RHSA-2022:1716-01
Product: Red Hat Ceph Storage
Issue date: 2022-05-05

Topic

New packages for Red Hat Ceph Storage 4.3 are now available on Red Hat Enterprise Linux 8.5.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat Ceph Storage 4.3 MON - noarch, ppc64le, s390x, x86_64

Red Hat Ceph Storage 4.3 OSD - ppc64le, s390x, x86_64

Red Hat Ceph Storage 4.3 Tools - noarch, ppc64le, s390x, x86_64

Bugs Fixed

1786691 - [ceph-ansible][RFE] support for Grafana-server purge.yml

1855350 - non-fatal yum install error of nfs-ganesha

1876860 - [RFE] [ceph-ansible] Add osd_auto_discovery support in purge-cluster.yml playbook

1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption

1891557 - ceph-volume ignores osd_mount_options_xfs

1894038 - pybind/mgr/volumes: Make number of cloner threads configurable

1896803 - [cee/sd][ceph-volume] when running playbook add-osd.yml or site.yml ceph-volume does not create OSDs on new devices

1902999 - [RFE][ceph-ansible] Include configuration parameters for alertmanager in ceph-ansible

1906022 - [RFE] [ceph-ansible] : ceph-validate : Validate devices mentioned in lvm_volumes

1927574 - [RFE] Allow ceph dashboard IP to be set via all.yml

1936299 - [GSS] ceph dashboard certification alert "x509: certificate signed by unknown authority"

1941775 - [RFE] Allow setting global nfs-ganesha options

1951674 - CVE-2021-3524 ceph object gateway: radosgw: CRLF injection

1952571 - [GSS][ceph-ansible][RFE] Additional pre-check for mon quorum failures while running rolling_update.yml playbook

1955038 - [RFE] Include radosgw-admin sync status in Ceph-Dashboard Grafana

1960306 - Some tempest object_storage negative tests fail when RGW returns a 404 error and the tests expect a 401
