Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2024-0745-03

Red Hat Security Advisory 2024-0745-03 - An update is now available for Red Hat Ceph Storage 5.3 in the Red Hat Ecosystem Catalog.

Packet Storm
#vulnerability#red_hat#js#perl

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0745.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat’s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

  • Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Ceph Storage 5.3 Security update
Advisory ID: RHSA-2024:0745-03
Product: Red Hat Ceph Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2024:0745
Issue date: 2024-02-09
Revision: 03
CVE Names: CVE-2023-43040
====================================================================

Summary:

An update is now available for Red Hat Ceph Storage 5.3 in the Red Hat
Ecosystem Catalog.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform
that combines the most stable version of the Ceph storage system with a
Ceph management platform, deployment utilities, and support services.

These updated packages include numerous bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Ceph Storage Release Notes for information on the most
significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

All users of Red Hat Ceph Storage are advised to update to these packages
that provide various bug fixes.

Security Fix(es):

  • rgw: improperly verified POST keys (CVE-2023-43040)

  • ceph: RGW crash upon misconfigured CORS rule (CVE-2023-46159)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5/html-single/upgrade_guide/index#upgrade-a-red-hat-ceph-storage-cluster-using-cephadm

https://access.redhat.com/articles/1548993

CVEs:

CVE-2023-43040

References:

https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2153448
https://bugzilla.redhat.com/show_bug.cgi?id=2193419
https://bugzilla.redhat.com/show_bug.cgi?id=2211758
https://bugzilla.redhat.com/show_bug.cgi?id=2215374
https://bugzilla.redhat.com/show_bug.cgi?id=2215380
https://bugzilla.redhat.com/show_bug.cgi?id=2216855
https://bugzilla.redhat.com/show_bug.cgi?id=2216857
https://bugzilla.redhat.com/show_bug.cgi?id=2224636
https://bugzilla.redhat.com/show_bug.cgi?id=2227806
https://bugzilla.redhat.com/show_bug.cgi?id=2227810
https://bugzilla.redhat.com/show_bug.cgi?id=2227997
https://bugzilla.redhat.com/show_bug.cgi?id=2228001
https://bugzilla.redhat.com/show_bug.cgi?id=2228039
https://bugzilla.redhat.com/show_bug.cgi?id=2231469
https://bugzilla.redhat.com/show_bug.cgi?id=2232164
https://bugzilla.redhat.com/show_bug.cgi?id=2233444
https://bugzilla.redhat.com/show_bug.cgi?id=2233886
https://bugzilla.redhat.com/show_bug.cgi?id=2234610
https://bugzilla.redhat.com/show_bug.cgi?id=2236190
https://bugzilla.redhat.com/show_bug.cgi?id=2237391
https://bugzilla.redhat.com/show_bug.cgi?id=2237880
https://bugzilla.redhat.com/show_bug.cgi?id=2238665
https://bugzilla.redhat.com/show_bug.cgi?id=2239149
https://bugzilla.redhat.com/show_bug.cgi?id=2239433
https://bugzilla.redhat.com/show_bug.cgi?id=2239455
https://bugzilla.redhat.com/show_bug.cgi?id=2240089
https://bugzilla.redhat.com/show_bug.cgi?id=2240144
https://bugzilla.redhat.com/show_bug.cgi?id=2240586
https://bugzilla.redhat.com/show_bug.cgi?id=2240727
https://bugzilla.redhat.com/show_bug.cgi?id=2240839
https://bugzilla.redhat.com/show_bug.cgi?id=2240977
https://bugzilla.redhat.com/show_bug.cgi?id=2244868
https://bugzilla.redhat.com/show_bug.cgi?id=2245335
https://bugzilla.redhat.com/show_bug.cgi?id=2245699
https://bugzilla.redhat.com/show_bug.cgi?id=2247232
https://bugzilla.redhat.com/show_bug.cgi?id=2248825
https://bugzilla.redhat.com/show_bug.cgi?id=2249014
https://bugzilla.redhat.com/show_bug.cgi?id=2249017
https://bugzilla.redhat.com/show_bug.cgi?id=2249565
https://bugzilla.redhat.com/show_bug.cgi?id=2249571
https://bugzilla.redhat.com/show_bug.cgi?id=2251768
https://bugzilla.redhat.com/show_bug.cgi?id=2252781
https://bugzilla.redhat.com/show_bug.cgi?id=2253672
https://bugzilla.redhat.com/show_bug.cgi?id=2255035
https://bugzilla.redhat.com/show_bug.cgi?id=2255436
https://bugzilla.redhat.com/show_bug.cgi?id=2256172
https://bugzilla.redhat.com/show_bug.cgi?id=2257421
https://bugzilla.redhat.com/show_bug.cgi?id=2259297

Related news

Ubuntu Security Notice USN-6613-1

Ubuntu Security Notice 6613-1 - Lucas Henry discovered that Ceph incorrectly handled specially crafted POST requests. An unprivileged user could use this to bypass Ceph's authorization checks and upload a file to any bucket.

Packet Storm: Latest News

Ubuntu Security Notice USN-7121-3