
Red Hat Ceph Storage 5.3 RHSA-2023:0076 Moderate Path Traversal Fix

Red Hat | January 11, 2023
The recent security update for Red Hat Ceph Storage 5.3 addresses various bugs and reduces the risk posed by a significant path traversal vulnerability.
An update for ceph, cephadm-ansible, ceph-iscsi, python-dataclasses, and python-werkzeug is now available for Red Hat Ceph Storage 5.3.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
Security Fix(es):
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
Bug Fix(es)
These new packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index
All users of Red Hat Ceph Storage are advised to upgrade to these updated packages that provide numerous enhancements and bug fixes.

References

https://access.redhat.com/security/cve/CVE-2022-24785
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

Package List

Red Hat Ceph Storage 5.3 MON:
Source:
ceph-16.2.10-94.el8cp.src.rpm
python-dataclasses-0.8-3.el8cp.src.rpm
python-werkzeug-2.0.3-3.el8cp.src.rpm

noarch:
ceph-grafana-dashboards-16.2.10-94.el8cp.noarch.rpm
ceph-mgr-cephadm-16.2.10-94.el8cp.noarch.rpm
ceph-mgr-dashboard-16.2.10-94.el8cp.noarch.rpm
ceph-mgr-diskprediction-local-16.2.10-94.el8cp.noarch.rpm
ceph-mgr-k8sevents-16.2.10-94.el8cp.noarch.rpm
ceph-mgr-modules-core-16.2.10-94.el8cp.noarch.rpm
ceph-mgr-rook-16.2.10-94.el8cp.noarch.rpm
ceph-prometheus-alerts-16.2.10-94.el8cp.noarch.rpm
cephadm-16.2.10-94.el8cp.noarch.rpm
python3-dataclasses-0.8-3.el8cp.noarch.rpm
python3-werkzeug-2.0.3-3.el8cp.noarch.rpm

ppc64le:
ceph-base-16.2.10-94.el8cp.ppc64le.rpm
ceph-base-debuginfo-16.2.10-94.el8cp.ppc64le.rpm
ceph-common-16.2.10-94.el8cp.ppc64le.rpm
ceph-common-debuginfo-16.2.10-94.el8cp.ppc64le.rpm
ceph-debugsource-16.2.10-94.el8cp.ppc64le.rpm
ceph-fuse-debuginfo-16.2.10-94.el8cp.ppc64le.rpm
ceph-immutable-object-cache-debuginfo-16.2.10-94.el8cp.ppc64le.rpm
ceph-mds-debuginfo-16.2.10-94.el8cp.ppc64le.rpm
ceph-mgr-16.2.10-94.el8cp.ppc64le.rpm
ceph-mgr-debuginfo-16.2.10-94.el8cp.ppc64le.rpm
ceph-mon-16.2.10-94.el8cp.ppc64le.rpm
ceph-mon-debuginfo-16.2.10-94.el8cp.ppc64le.rpm
ceph-osd-debuginfo-16.2.10-94.el8cp.ppc64le.rpm
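The practical question after reading a package list like the one above is whether a given host is actually on the fixed builds. The following script is an added example, not part of the advisory and not Red Hat tooling: it takes `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` style output (a constructed sample is embedded so it runs offline), compares each package against the fixed version-release pairs quoted from the list above, and reports which are at or beyond the fix. The version comparison is a simplified reimplementation of rpm's `rpmvercmp` (it does not handle the `~` and `^` operators), and epochs are ignored because the advisory's package list does not show them; `FIXED_VERSIONS` covers only a handful of the packages as an illustration.

```python
import re

# Fixed (version, release) pairs for a few packages named in RHSA-2023:0076,
# taken from the advisory's package list above.
FIXED_VERSIONS = {
    "ceph-mon": ("16.2.10", "94.el8cp"),
    "ceph-mgr-dashboard": ("16.2.10", "94.el8cp"),
    "cephadm": ("16.2.10", "94.el8cp"),
    "python3-werkzeug": ("2.0.3", "3.el8cp"),
    "python3-dataclasses": ("0.8", "3.el8cp"),
}

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` output
# for a hypothetical host: one package still on an older build, one not installed.
SAMPLE_RPM_QA = """\
ceph-mon 16.2.10 94.el8cp
ceph-mgr-dashboard 16.2.10 94.el8cp
cephadm 16.2.10 67.el8cp
python3-werkzeug 2.0.3 3.el8cp
bash 4.4.20 4.el8
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: split both strings into numeric/alpha segments
    (separators such as '.' and '-' are ignored) and compare segment by segment.
    Returns 1 if a is newer, -1 if older, 0 if equal. The '~' and '^'
    semantics of real rpm are not implemented."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            # numeric segments compare as integers, so "10" is newer than "9"
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            # a numeric segment is considered newer than an alpha segment
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    # whichever string still has segments left over is newer
    if len(seg_a) != len(seg_b):
        return 1 if len(seg_a) > len(seg_b) else -1
    return 0


def compare_vr(installed, fixed):
    """Compare (version, release) tuples: version decides first, then release."""
    for inst, fix in zip(installed, fixed):
        result = rpmvercmp(inst, fix)
        if result != 0:
            return result
    return 0


def parse_rpm_qa(text):
    """Parse 'NAME VERSION RELEASE' lines into {name: (version, release)}."""
    installed = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            installed[parts[0]] = (parts[1], parts[2])
    return installed


def audit(installed, fixed=FIXED_VERSIONS):
    """Return {package: 'ok' | 'outdated' | 'not installed'} for each fixed package."""
    report = {}
    for name, fixed_vr in fixed.items():
        if name not in installed:
            report[name] = "not installed"
        elif compare_vr(installed[name], fixed_vr) >= 0:
            report[name] = "ok"
        else:
            report[name] = "outdated"
    return report


if __name__ == "__main__":
    for pkg, status in audit(parse_rpm_qa(SAMPLE_RPM_QA)).items():
        print(f"{pkg:24s} {status}")
```

On a real host, pipe the `rpm -qa` query into `parse_rpm_qa` instead of the sample; a package reported as "not installed" is simply not present on that node, which is expected for role-specific packages such as `ceph-mon` on an OSD-only host.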



Advisory ID: RHSA-2023:0076-01
Product: Red Hat Ceph Storage
Issue date: 2023-01-11

Topic

An update for ceph, cephadm-ansible, ceph-iscsi, python-dataclasses, and python-werkzeug is now available for Red Hat Ceph Storage 5.3.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat Ceph Storage 5.3 MON - noarch, ppc64le, s390x, x86_64

Red Hat Ceph Storage 5.3 OSD - ppc64le, s390x, x86_64

Red Hat Ceph Storage 5.3 Tools - noarch, ppc64le, s390x, x86_64

Bugs Fixed

1749627 - RGW Multi site: 'radosgw-admin sync status' is hung on secondary when one of RGW process is down on primary

1827519 - [RGW MS]: Data is not synced and 'radosgw-admin sync status' shows behind the shards but 'bucket sync status' shows completed

1905785 - [RGW MS - MultiSite] : slow data sync in RGW MS scale cluster.

1941668 - [GSS][RGW] Buckets out of sync in a Multi-site environment

1957088 - [RGW] Suspending bucket versioning in primary/secondary zone also suspends bucket versioning in the archive zone

1986826 - [rgw-multisite][swift-cosbench]: Size in index not reliably updated on object overwrite, leading to ambiguity in stats on primary and secondary.

1989527 - RBD: `rbd info` cmd on rbd images on which flattening is in progress throws ErrImageNotFound

2011686 - Rados gateway replication slow in multisite setup

2014330 - [CEE][RGW][Kafka] Failed to send bucket notifications to Kafka with ssl

2015028 - rgw-multisite/dynamic resharding: Objects not synced if dynamic reshard happens on both sites while sync is happening in multisite.

2017660 - [cee/sd][RGW] Multisite setup buckets bilogs are not trimmed automatically for RGW Multi-tenant buckets and require manual trim

2019870 - [cee/sd][rgw][rfe] add method to modify role max_session_duration for existing role

2021009 - [RGW] data sync stuck for buckets even after running bucket sync run (sometimes need to run this command multiple times)
