====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Ceph Storage 6.1 Container security and bug fix update
Advisory ID:       RHSA-2023:3642-01
Product:           Red Hat Ceph Storage
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3642
Issue date:        2023-06-15
CVE Names:         CVE-2021-42581 CVE-2022-1650 CVE-2022-1705 
                   CVE-2022-2880 CVE-2022-21680 CVE-2022-21681 
                   CVE-2022-24675 CVE-2022-24785 CVE-2022-26148 
                   CVE-2022-27664 CVE-2022-28131 CVE-2022-28327 
                   CVE-2022-29526 CVE-2022-30629 CVE-2022-30630 
                   CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 
                   CVE-2022-30635 CVE-2022-31097 CVE-2022-31107 
                   CVE-2022-31123 CVE-2022-31130 CVE-2022-32148 
                   CVE-2022-32189 CVE-2022-32190 CVE-2022-35957 
                   CVE-2022-39201 CVE-2022-39229 CVE-2022-39306 
                   CVE-2022-39307 CVE-2022-39324 CVE-2022-41715 
                   CVE-2022-41912 
====================================================================
1. Summary:

A new container image for Red Hat Ceph Storage 6.1 is now available in the
Red Hat Ecosystem Catalog.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform
that combines the most stable version of the Ceph storage system with a
Ceph management platform, deployment utilities, and support services.

This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat
Enterprise Linux 9.

Security Fix(es):

* crewjam/saml: Authentication bypass when processing SAML responses
containing multiple Assertion elements (CVE-2022-41912)

* eventsource: Exposure of Sensitive Information (CVE-2022-1650)

* grafana: stored XSS vulnerability (CVE-2022-31097)

* grafana: OAuth account takeover (CVE-2022-31107)

* ramda: prototype poisoning (CVE-2021-42581)

* golang: net/http: improper sanitization of Transfer-Encoding header
(CVE-2022-1705)

* golang: net/http/httputil: ReverseProxy should not forward unparseable
query parameters (CVE-2022-2880)

* marked: regular expression block.def may lead Denial of Service
(CVE-2022-21680)

* marked: regular expression inline.reflinkSearch may lead Denial of
Service (CVE-2022-21681)

* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

* Moment.js: Path traversal in moment.locale (CVE-2022-24785)

* grafana: An information leak issue was discovered in Grafana through
7.3.4, when integrated with Zabbix (CVE-2022-26148)

* golang: net/http: handle server errors after sending GOAWAY
(CVE-2022-27664)

* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

* golang: crypto/elliptic: panic caused by oversized scalar
(CVE-2022-28327)

* golang: syscall: faccessat checks wrong group (CVE-2022-29526)

* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

* grafana: plugin signature bypass (CVE-2022-31123)

* grafana: data source and plugin proxy endpoints leaking authentication
tokens to some destination plugins (CVE-2022-31130)

* golang: net/http/httputil: NewSingleHostReverseProxy - omit
X-Forwarded-For not working (CVE-2022-32148)

* golang: net/url: JoinPath does not strip relative path components in all
circumstances (CVE-2022-32190)

* grafana: Escalation from admin to server admin when auth proxy is used
(CVE-2022-35957)

* grafana: Data source and plugin proxy endpoints could leak the
authentication cookie to some destination plugins (CVE-2022-39201)

* grafana: using email as a username can block other users from signing in
(CVE-2022-39229)

* grafana: email addresses and usernames cannot be trusted (CVE-2022-39306)

* grafana: User enumeration via forget password (CVE-2022-39307)

* grafana: Spoofing of the originalUrl parameter of snapshots
(CVE-2022-39324)

* golang: regexp/syntax: limit memory used by parsing regexps
(CVE-2022-41715)

* golang: crypto/tls: session tickets lack random ticket_age_add
(CVE-2022-30629)

* golang: math/big: decoding big.Float and big.Rat types can panic if the
encoded message is too short, potentially allowing a denial of service
(CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Ceph Storage Release Notes for information on
the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index

All users of Red Hat Ceph Storage are advised to pull these new images from
the Red Hat Ecosystem catalog, which provides numerous enhancements and bug
fixes.

3. Solution:

For details on how to apply this update, see "Upgrade a Red Hat Ceph
Storage cluster using cephadm" in the Red Hat Storage Ceph Upgrade Guide
(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage).

4. Bugs fixed (https://bugzilla.redhat.com/):

2066563 - CVE-2022-26148 grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix
2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2082705 - CVE-2022-21680 marked: regular expression block.def may lead Denial of Service
2082706 - CVE-2022-21681 marked: regular expression inline.reflinkSearch may lead Denial of Service
2083778 - CVE-2021-42581 ramda: prototype poisoning
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2104365 - CVE-2022-31097 grafana: stored XSS vulnerability
2104367 - CVE-2022-31107 grafana: OAuth account takeover
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
2125514 - CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used
2131146 - CVE-2022-31130 grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
2131147 - CVE-2022-31123 grafana: plugin signature bypass
2131148 - CVE-2022-39201 grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
2131149 - CVE-2022-39229 grafana: using email as a username can block other users from signing in
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
2138014 - CVE-2022-39306 grafana: email addresses and usernames cannot be trusted
2138015 - CVE-2022-39307 grafana: User enumeration via forget password
2148252 - CVE-2022-39324 grafana: Spoofing of the originalUrl parameter of snapshots
2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements
2168965 - [cee/sd][rook-ceph]cephfs-top utility is not available under rook-ceph-oprator/tools pod
2174461 - add dbus-daemon binary - required for NFS in ODF 4.13
2174462 - add ceph-exporter pkg to RHCS 6.1 image
2186142 - [RHCS 6.1] [Deployment] Cephadm bootstrap failing with default image.

5. References:

https://access.redhat.com/security/cve/CVE-2021-42581
https://access.redhat.com/security/cve/CVE-2022-1650
https://access.redhat.com/security/cve/CVE-2022-1705
https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-21680
https://access.redhat.com/security/cve/CVE-2022-21681
https://access.redhat.com/security/cve/CVE-2022-24675
https://access.redhat.com/security/cve/CVE-2022-24785
https://access.redhat.com/security/cve/CVE-2022-26148
https://access.redhat.com/security/cve/CVE-2022-27664
https://access.redhat.com/security/cve/CVE-2022-28131
https://access.redhat.com/security/cve/CVE-2022-28327
https://access.redhat.com/security/cve/CVE-2022-29526
https://access.redhat.com/security/cve/CVE-2022-30629
https://access.redhat.com/security/cve/CVE-2022-30630
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/cve/CVE-2022-30632
https://access.redhat.com/security/cve/CVE-2022-30633
https://access.redhat.com/security/cve/CVE-2022-30635
https://access.redhat.com/security/cve/CVE-2022-31097
https://access.redhat.com/security/cve/CVE-2022-31107
https://access.redhat.com/security/cve/CVE-2022-31123
https://access.redhat.com/security/cve/CVE-2022-31130
https://access.redhat.com/security/cve/CVE-2022-32148
https://access.redhat.com/security/cve/CVE-2022-32189
https://access.redhat.com/security/cve/CVE-2022-32190
https://access.redhat.com/security/cve/CVE-2022-35957
https://access.redhat.com/security/cve/CVE-2022-39201
https://access.redhat.com/security/cve/CVE-2022-39229
https://access.redhat.com/security/cve/CVE-2022-39306
https://access.redhat.com/security/cve/CVE-2022-39307
https://access.redhat.com/security/cve/CVE-2022-39324
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/cve/CVE-2022-41912
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.