
Red Hat Ceph Storage 5.3 RHSA-2023:0980 Important: Local Exploit

Red Hat
February 28, 2023
Critical notification for Red Hat Ceph Storage version 5.3 concerning vulnerabilities and bugs. It's advised to upgrade to maintain robust security.
An update is now available for Red Hat Ceph Storage 5.3.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
Security Fix(es):
* Ceph: ceph-crash.service allows local ceph user to root exploit (CVE-2022-3650)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
These updated packages include various bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index
All users of Red Hat Ceph Storage are advised to upgrade to these updated packages, which provide various bug and security fixes.

References

https://access.redhat.com/security/cve/CVE-2022-3650
https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Ceph Storage 5.3 MON:
Source: ceph-16.2.10-138.el8cp.src.rpm
noarch:
ceph-grafana-dashboards-16.2.10-138.el8cp.noarch.rpm
ceph-mgr-cephadm-16.2.10-138.el8cp.noarch.rpm
ceph-mgr-dashboard-16.2.10-138.el8cp.noarch.rpm
ceph-mgr-diskprediction-local-16.2.10-138.el8cp.noarch.rpm
ceph-mgr-k8sevents-16.2.10-138.el8cp.noarch.rpm
ceph-mgr-modules-core-16.2.10-138.el8cp.noarch.rpm
ceph-mgr-rook-16.2.10-138.el8cp.noarch.rpm
ceph-prometheus-alerts-16.2.10-138.el8cp.noarch.rpm
cephadm-16.2.10-138.el8cp.noarch.rpm
ppc64le:
ceph-base-16.2.10-138.el8cp.ppc64le.rpm
ceph-base-debuginfo-16.2.10-138.el8cp.ppc64le.rpm
ceph-common-16.2.10-138.el8cp.ppc64le.rpm
ceph-common-debuginfo-16.2.10-138.el8cp.ppc64le.rpm
ceph-debugsource-16.2.10-138.el8cp.ppc64le.rpm
ceph-fuse-debuginfo-16.2.10-138.el8cp.ppc64le.rpm
ceph-immutable-object-cache-debuginfo-16.2.10-138.el8cp.ppc64le.rpm
ceph-mds-debuginfo-16.2.10-138.el8cp.ppc64le.rpm
ceph-mgr-16.2.10-138.el8cp.ppc64le.rpm
ceph-mgr-debuginfo-16.2.10-138.el8cp.ppc64le.rpm
ceph-mon-16.2.10-138.el8cp.ppc64le.rpm
ceph-mon-debuginfo-16.2.10-138.el8cp.ppc64le.rpm
ceph-osd-debuginfo-16.2.10-138.el8cp.ppc64le.rpm
ceph-radosgw-debuginfo-16.2.10-138.el8cp.ppc64le.rpm
ceph-selinux-16.2.10-138.el8cp.ppc64le.rpm
ceph-test-16.2.10-138.el8cp.ppc64le.rpm



Severity: Important

Advisory ID: RHSA-2023:0980-01
Product: Red Hat Ceph Storage
Issue date: 2023-02-28

Topic

An update is now available for Red Hat Ceph Storage 5.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat Ceph Storage 5.3 MON - noarch, ppc64le, s390x, x86_64

Red Hat Ceph Storage 5.3 OSD - ppc64le, s390x, x86_64

Red Hat Ceph Storage 5.3 Tools - noarch, ppc64le, s390x, x86_64

Bugs Fixed

2008524 - (RHCS 5.3z1) MGR is not reporting the version label in the ceph_mon_metadata metric

2040337 - [GSS][RFE][Include an additional task in the cephadm-preflight playbook to populate /etc/containers/registries.conf for disconnected installations]

2064429 - [CEE/SD][ceph-volume] ceph-volume lvm batch not accepting the /dev/disk/by-path/ & /dev/disk/by-id/ for persistent naming

2064441 - [CEE/SD][cephadm][RFE] cephadm should add the necessary firewall ports during iscsi deployment

2073273 - make cephfs-top display scroll-able like top(1) and fix the blank screen for great number of clients

2083468 - cephfs-top: multiple file system support

2094822 - [CephFS] Clone operations are failing with Assertion Error

2097680 - [cephadm-ansible] cephadm-preflight.yml should be improved for current ceph_origin=custom changes

2099470 - [iscsi]- Adding/expanding iscsi gateways in gwcli to the existing is failed saying "Failed : /etc/ceph/iscsi-gateway.cfg on ceph-52-iscsifix-bcb6z****** does not match the local version. Correct and retry request"

2103677 - [RFE] `address` parameter is mandatory when adding host using `ceph_orch_host` module

2106849 - [CephFS-NFS} - haproxy.cfg failed to replace old NFS server IP with a new NFS Server during HA Failover.

2107407 - [RHCS 5.3] pacific doesn't defer small writes for pre-pacific hdd osds

2111573 - Unable to remove ingress service from a Host which is down.
