Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat Ceph Storage 6.1 RHSA-2023-3623-01 Moderate: DoS and XSS Issues

red hat
Calendar Grey June 15, 2023
Dist Redhat Esm H88
Red Hat Ceph Storage 6.1 undergoes a notable security and bug correction update featuring various improvements.
New packages for Red Hat Ceph Storage 6.1 are now available on Red Hat Enterprise Linux

Solution

For details on how to apply this update, see Upgrade a Red Hat Ceph Storage cluster using cephadm in the Red Hat Storage Ceph Upgrade Guide (https://docs.redhat.com/en/documentation/red_hat_ceph_storage/9).

Summary

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
These new packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:

Security Fix(es):
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* angular: XSS vulnerability (CVE-2021-4231)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All users of Red Hat Ceph Storage are advised to update to these packages that provide numerous enhancements and bug fixes.

Topics%20covered

Topics Covered

security advisory XSS bug fix DoS moderate severity system update Red Hat Ceph Storage

References

https://access.redhat.com/security/cve/CVE-2021-4231 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat Ceph Storage 6.1 Tools:
Source: ansible-collection-ansible-posix-1.2.0-1.3.el9ost.src.rpm ceph-17.2.6-70.el9cp.src.rpm cephadm-ansible-2.15.0-1.el9cp.src.rpm
noarch: ansible-collection-ansible-posix-1.2.0-1.3.el9ost.noarch.rpm ceph-mib-17.2.6-70.el9cp.noarch.rpm ceph-resource-agents-17.2.6-70.el9cp.noarch.rpm cephadm-17.2.6-70.el9cp.noarch.rpm cephadm-ansible-2.15.0-1.el9cp.noarch.rpm cephfs-top-17.2.6-70.el9cp.noarch.rpm
ppc64le: ceph-base-17.2.6-70.el9cp.ppc64le.rpm ceph-base-debuginfo-17.2.6-70.el9cp.ppc64le.rpm ceph-common-17.2.6-70.el9cp.ppc64le.rpm ceph-common-debuginfo-17.2.6-70.el9cp.ppc64le.rpm ceph-debuginfo-17.2.6-70.el9cp.ppc64le.rpm ceph-debugsource-17.2.6-70.el9cp.ppc64le.rpm ceph-exporter-debuginfo-17.2.6-70.el9cp.ppc64le.rpm ceph-fuse-17.2.6-70.el9cp.ppc64le.rpm ceph-fuse-debuginfo-17.2.6-70.el9cp.ppc64le.rpm ceph-immutable-object-cache-17.2.6-70.el9cp.ppc64le.rpm ceph-immutable-object-cache-debuginfo-17.2.6-70.el9cp.ppc64le.rpm ceph-mds-debuginfo-17.2.6-70.el9cp.ppc64le.rpm ceph-mgr-debuginfo-17.2.6-70.el9cp.ppc64le.rpm ceph-mon-debuginfo-17.2.6-70.el9cp.ppc64le.rpm ceph-osd-debuginfo-17.2.6-70.el9cp.ppc64le.rpm ceph-radosgw-debuginfo-17.2.6-70.el9cp.ppc64le.rpm ceph-selinux-17.2.6-70.el9cp.ppc64le.rpm

Read the Full Advisory


Advisory ID: RHSA-2023:3623-01
Product: Red Hat Ceph Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3623
Issue date: 2023-06-15

Topic

New packages for Red Hat Ceph Storage 6.1 are now available on Red HatEnterprise Linux.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory XSS bug fix DoS moderate severity system update Red Hat Ceph Storage

Relevant Releases Architectures

Red Hat Ceph Storage 6.1 Tools - noarch, ppc64le, s390x, x86_64

Bugs Fixed

1467648 - [RFE] support x-amz-replication-status for multisite

1600995 - rgw_user_max_buckets is not applied to non-rgw users1783271 - [RFE] support for key rotation

1794550 - [Graceful stop/restart/shutdown] multiple ceph admin sockets

1929760 - [RFE] [Ceph-Dashboard] [Ceph-mgr] Dashboard to display per OSD slow op counter and type of slow op

1932764 - [RFE] Bootstrap console logs are through STDERR stream

1937618 - [CEE][RGW]Bucket policies disappears in archive zone when an object is inserted in master zone bucket

1975689 - Listing of snapshots are not always successful on nfs exports

1991808 - [rgw-multisite][LC]: LC rules applied from the master do not run on the slave.

2004175 - [RGW][Notification][kafka][MS]: arn not populated with zonegroup in event record

2016288 - [RFE] Defining a zone-group when deploying RGW service with cephadm

2016949 - [RADOS]: OSD add command has no return error/alert message to convey OSD not added with wrong hostname

2024444 - [rbd-mirror] Enabling mirroring on image in a namespace falsely fails saying cannot enable mirroring in current pool mirroring mode

2025815 - [RFE] RBD Mirror Geo-replication metrics

2028058 - [RFE][Ceph Dashboard] Add alert panel in the front dashboard

2029714 - ceph --version command reports incorrect ceph version in 5.x post upgrade from 4.2 when compared with ceph version output

2036063 - [GSS][Cephadm][Add the deletion of the cluster logs in the cephadm rm-cluster]

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here