Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2023-3623-01

Red Hat Security Advisory 2023-3623-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages include numerous enhancements and bug fixes. Issues addressed include cross site scripting and denial of service vulnerabilities.

Packet Storm
#sql#xss#vulnerability#linux#red_hat#dos#js#git#php#perl#aws#auth#ssh#sap

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Ceph Storage 6.1 security and bug fix update
Advisory ID: RHSA-2023:3623-01
Product: Red Hat Ceph Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3623
Issue date: 2023-06-15
CVE Names: CVE-2021-4231 CVE-2022-31129
====================================================================

  1. Summary:

New packages for Red Hat Ceph Storage 6.1 are now available on Red Hat
Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Ceph Storage 6.1 Tools - noarch, ppc64le, s390x, x86_64

  1. Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform
that combines the most stable version of the Ceph storage system with a
Ceph management platform, deployment utilities, and support services.

These new packages include numerous enhancements and bug fixes. Space
precludes documenting all of these changes in this advisory. Users are
directed to the Red Hat Ceph Storage Release Notes for information on the
most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index

Security Fix(es):

  • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

  • angular: XSS vulnerability (CVE-2021-4231)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All users of Red Hat Ceph Storage are advised to update to these packages
that provide numerous enhancements and bug fixes.

  1. Solution:

For details on how to apply this update, see Upgrade a Red Hat Ceph Storage
cluster using cephadm in the Red Hat Storage Ceph Upgrade Guide
(https://access.redhat.com/documentation/en-us/red_hat_ceph_storage).

  1. Bugs fixed (https://bugzilla.redhat.com/):

1467648 - [RFE] support x-amz-replication-status for multisite
1600995 - rgw_user_max_buckets is not applied to non-rgw users
1783271 - [RFE] support for key rotation
1794550 - [Graceful stop/restart/shutdown] multiple ceph admin sockets
1929760 - [RFE] [Ceph-Dashboard] [Ceph-mgr] Dashboard to display per OSD slow op counter and type of slow op
1932764 - [RFE] Bootstrap console logs are through STDERR stream
1937618 - [CEE][RGW]Bucket policies disappears in archive zone when an object is inserted in master zone bucket
1975689 - Listing of snapshots are not always successful on nfs exports
1991808 - [rgw-multisite][LC]: LC rules applied from the master do not run on the slave.
2004175 - [RGW][Notification][kafka][MS]: arn not populated with zonegroup in event record
2016288 - [RFE] Defining a zone-group when deploying RGW service with cephadm
2016949 - [RADOS]: OSD add command has no return error/alert message to convey OSD not added with wrong hostname
2024444 - [rbd-mirror] Enabling mirroring on image in a namespace falsely fails saying cannot enable mirroring in current pool mirroring mode
2025815 - [RFE] RBD Mirror Geo-replication metrics
2028058 - [RFE][Ceph Dashboard] Add alert panel in the front dashboard
2029714 - ceph --version command reports incorrect ceph version in 5.x post upgrade from 4.2 when compared with ceph version output
2036063 - [GSS][Cephadm][Add the deletion of the cluster logs in the cephadm rm-cluster]
2053347 - [RFE] [RGW-MultiSite] [Notification] bucket notification types for replication events (S3 notifications extension, upstream)
2053471 - dashboard: add support for Ceph Authx (client auth mgmt)
2064260 - [GSS][RFE] Support for AWS PublicAccessBlock
2064265 - [GSS][RFE] Feature to disable the ability to set lifecycle policies
2067709 - [RFE] Add metric relative to osd blocklist
2076709 - per host ceph-exporter daemon
2080926 - [cephadm][ingress]: AssertionError seen upon restarting haproxy and keepalived using service name
2082666 - [cee/sd][RGW] Bucket notification: http endpoints with one trailing slash in the push-endpoint URL failed to create topic
2092506 - [cephadm] orch upgrade status help message is not apt
2094052 - CVE-2021-4231 angular: XSS vulnerability
2097027 - [cee/sd][ceph-dasboard] pool health on primary site shows error for one way rbd_mirror configuration
2097187 - Unable to redeploy the active mgr instance via “ceph orch daemon redeploy <mgr> <img>” command
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
2105950 - [RHOS17][RFE] RGW does not support get object with temp_url using SHA256 digest (required for FIPS)
2106421 - [rbd-mirror]: mirror image status : non-primary : description : syncing_percent showing invalid value (3072000)
2108228 - sosreport logs from ODF cluster mangled
2108489 - [CephFS metadata information missing during a Ceph upgrade]
2109224 - [RFE] deploy custom RGW realm/zone using orchestrator and a specification file
2110290 - Multiple “CephPGImbalance” alerts on Dashboard
2111282 - Misleading information displayed using osd_mclock_max_capacity_iops_[hdd, ssd] command.
2111364 - [rbd_support] recover from RADOS instance blocklisting
2111680 - cephadm --config initial-ceph.conf no longer supports comma delimited networks for routed traffic
2111751 - [ceph-dashboard] In expand cluster create osd default selected as recommended not working
2112309 - [cee/sd][cephadm]Getting the warning “Unable to parse <spec>.yml succesfully” while bootstrapping
2114835 - prometheus reports an error during evaluation of CephPoolGrowthWarning alert rule
2120624 - don’t leave an incomplete primary snapshot if the peer who is handling snapshot creation dies
2124441 - [cephadm] osd spec crush_device_class and host identifier “location”
2127345 - [RGW MultiSite] : during upgrade 2 rgw(out of 6) had Segmentation fault
2127926 - [RGW][MS]: bucket sync markers fails with ERROR: sync.read_sync_status() returned error=0
2129861 - [cee/sd][ceph-dashboard] Unable to access dashboard when enabling the “url_prefix” in RHCS 5.2 dashboard configuration
2132554 - [RHCS 5.3][Multisite sync policies: disabling per-bucket replication doesn’t work if the zones replicate]
2133341 - [RFE] [RBD Mirror] Support force promote an image for RBD mirroring through dashboard
2133549 - [CEE] dashboard binds to host.containers.internal with podman-4.1.1-2.module+el8.6.0+15917+093ca6f8.x86_64
2133802 - [RGW] RFE: Enable the Ceph Mgr RGW module
2136031 - cephfs-top -d <seconds> not working as expected
2136304 - [cee][rgw] Upgrade to 4.3z1 with vault results in (AccessDenied) failures when accessing buckets.
2136336 - [cee/sd][Cephadm] ceph mgr is filling up the log messages “Detected new or changed devices” for all OSD nodes every 30 min un-neccessarily
2137596 - [RGW] Suspending bucket versioning in primary/secondary zone also suspends bucket versioning in the archive zone
2138793 - make cephfs-top display scroll-able like top(1) and fix the blank screen for great number of clients
2138794 - [RGW][The ‘select object content’ API is not working as intended for CSV files]
2138933 - [RGW]: Slow object expiration observed with LC
2139694 - RGW cloud Transition. Found Errors during transition when using MCG Azure Namespacestore with a pre-created bucket
2139769 - [ceph-dashboard] rbd mirror sync progress shows empty
2140074 - [cee/sd][cephfs][dashboard]While evicting one client via ceph dashboard, it evicts all other client mounts of the ceph filesystem
2140784 - [CEE] cephfs mds crash /builddir/build/BUILD/ceph-16.2.8/src/mds/Server.cc: In function 'CDentry* Server::prepare_stray_dentry(MDRequestRef&, CInode*)' thread 7feb58dcd700 time 2022-11-06T13:26:27.233738+0000
2141110 - [RFE] Improve handling of BlueFS ENOSPC
2142167 - [RHCS 6.x] OSD crashes due to suicide timeout in rgw gc object class code, need assistance for core analysis
2142431 - [RFE] Enabling additional metrics in node-exporter container
2143285 - RFE: OSDs need ability to bind to a service IP instead of the pod IP to support RBD mirroring in OCP clusters
2145104 - [ceph-dashboard] unable to create snapshot of an image using dashboard
2146544 - [RFE] Provide support for labeled perf counters in Ceph Exporter
2146546 - [RFE] Refactor RBD mirror metrics to use new labeled performance counter
2147346 - [RFE] New metric to provide rbd mirror image status and snapshot replication information
2147348 - [RFE] Add additional fields about image status in rbd mirror comands
2149259 - [RGW][Notification][Kafka]: wrong event timestamp seen as 0.000000 for multipart upload events in event record
2149415 - [cephfs][nfs] “ceph nfs cluster info” shows does not exist cluster
2149533 - [RFE - Stretch Cluster] Provide way for Cephadm orch to deploy new Monitor daemons with “crush_location” attribute
2151189 - [cephadm] DriveGroup can’t handle multiple crush_device_classes
2152963 - ceph cluster upgrade failure/handling report with offline hosts needs to be improved
2153196 - snap-schedule add command is failing when subvolume argument is provided
2153452 - [6.0][sse-s3][bucket-encryption]: Multipart object uploads are not encrypted, even though bucket encryption is set on a bucket
2153533 - [RGW][Notification][kafka]: object size 0 seen in event record upon lifecycle expiration event
2153673 - snapshot schedule stopped on one image and mirroring stopped on secondary images while upgrading from 16.2.10-82 to 16.2.10-84
2153726 - [RFE] On the Dashboard -> Cluster -> Monitoring page, source url of prometheus is in format http://hostname:9095 which doesn’t work when you click.
2158689 - cephfs-top: new options to sort and limit
2159294 - Large Omap objects found in pool ‘ocs-storagecluster-cephfilesystem-metadata’
2159307 - mds/PurgeQueue: don’t consider filer_max_purge_ops when _calculate_ops
2160598 - [GSS] MDSs are read only, after commit error on cache.dir(0x1)
2161479 - MDS: scan_stray_dir doesn’t walk through all stray inode fragment
2161483 - mds: md_log_replay thread (replay thread) can remain blocked
2163473 - [Workload-DFG] small object recovery, backfill too slow and low client throughput!
2164327 - [Ceph-Dashboard] Hosts page flickers on auto refresh
2168541 - mon: prevent allocating snapids allocated for CephFS
2172791 - mds: make num_fwd and num_retry to __u32
2175307 - [RFE] Catch MDS damage to the dentry’s first snapid
2180110 - cephadm: reduce spam to cephadm.log
2180567 - rebase ceph to 17.2.6
2181055 - [rbd-mirror] RPO not met when adding latency between clusters
2182022 - [RGW multisite][Archive zone][Duplicate objects in the archive zone]
2182035 - [RHCS 6.0][Cephadm][Permission denied errors upgrading to RHCS 6]
2182564 - mds: force replay sessionmap version
2182613 - client: fix CEPH_CAP_FILE_WR caps reference leakage in _write()
2184268 - [RGW][Notification][Kafka]: persistent notifications not seen after kafka is up for events happened when kafka is down
2185588 - [CEE/sd][Ceph-volume] wrong block_db_size computed when adding OSD
2185772 - [Ceph-Dashboard] Fix issues in the rhcs 6.1 branding
2186095 - [Ceph Dashboard]: Upgrade the grafana version to latest
2186126 - [RFE] Recovery Throughput Metrics to Dashboard Landing page
2186472 - [RGW Multisite]: If cloud transition happens on primary of multisite , secondary has no metadata of the object
2186557 - Metrics names produced by Ceph exporter differ form the name produced by Prometheus manager module
2186738 - [CEE/sd][ceph-monitoring][node-exporter] node-exporter on a fresh installation is crashing due to panic: "node_rapl_package-0-die-0_joules_total" is not a valid metric name
2186760 - Getting 411, missing content length error for PutObject operations for clients accessing via aws-sdk in RHCS5 cluster
2186774 - [RHCS 5.3z1][Cannot run bucket stats command on deleted buckets in the AZ]
2187265 - [Dashboard] Landing page has a hyperlink for Manager page even though it does not exist
2187394 - [RGW CloudTransition] tier configuration incorrectly parses keys starting with digit
2187617 - [6.1][rgw-ms] Writing on a bucket with num_shards 0 causes sync issues and rgws to segfault on the replication site.
2187659 - ceph fs snap-schedule listing is failing
2188266 - In OSP17.1 with Ceph Storage 6.0 object_storage tests fail with Unauthorized
2188460 - MDS Behind on trimming (145961/128) max_segments: 128, num_segments: 145961
2189308 - [RGW][Notification][Kafka]: bucket owner not in event record and received object size 0 for s3:ObjectSynced:Create event
2190412 - [cee/sd][cephadm][testfix] Zapping OSDs on Hosts deployed with Ceph RHCS 4.2z4 or before does not work after upgrade to RHCS 5.3z2 testfix
2196421 - update nfs-ganesha to V5.1 in RHCS 6.1
2196920 - Bring in ceph-mgr module framework dependencies for BZ 2111364
2203098 - [Dashboard] Red Hat Logo on the welcome page is too large
2203160 - [rbd_support] recover from “double blocklisting” (being blocklisted while recovering from blocklisting)
2203747 - Running cephadm-distribute-ssh-key.yml will require ansible.posix collection package downstream
2204479 - Ceph Common: “rgw-orphan-list” and “ceph-diff-sorted” missing from package
2207702 - RGW server crashes when using S3 PutBucketReplication API
2207718 - [RGW][notification][kafka]: segfault observed when bucket is configured with incorrect kafka broker
2209109 - [Ceph Dashboard]: fix pool_objects_repaired and daemon_health_metrics format
2209300 - [Dashboard] Refresh and information button misaligned on the Overall performance page
2209375 - [RHCS Tracker] After add capacity the rebalance does not complete, and we see 2 PGs in active+clean+scrubbing and 1 active+clean+scrubbing+deep
2209970 - [ceph-dashboard] snapshot create button got disabled in ceph dashboard
2210698 - [Dashboard] User with read-only permission cannot access the Dashboard landing page

  1. Package List:

Red Hat Ceph Storage 6.1 Tools:

Source:
ansible-collection-ansible-posix-1.2.0-1.3.el9ost.src.rpm
ceph-17.2.6-70.el9cp.src.rpm
cephadm-ansible-2.15.0-1.el9cp.src.rpm

noarch:
ansible-collection-ansible-posix-1.2.0-1.3.el9ost.noarch.rpm
ceph-mib-17.2.6-70.el9cp.noarch.rpm
ceph-resource-agents-17.2.6-70.el9cp.noarch.rpm
cephadm-17.2.6-70.el9cp.noarch.rpm
cephadm-ansible-2.15.0-1.el9cp.noarch.rpm
cephfs-top-17.2.6-70.el9cp.noarch.rpm

ppc64le:
ceph-base-17.2.6-70.el9cp.ppc64le.rpm
ceph-base-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
ceph-common-17.2.6-70.el9cp.ppc64le.rpm
ceph-common-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
ceph-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
ceph-debugsource-17.2.6-70.el9cp.ppc64le.rpm
ceph-exporter-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
ceph-fuse-17.2.6-70.el9cp.ppc64le.rpm
ceph-fuse-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
ceph-immutable-object-cache-17.2.6-70.el9cp.ppc64le.rpm
ceph-immutable-object-cache-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
ceph-mds-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
ceph-mgr-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
ceph-mon-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
ceph-osd-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
ceph-radosgw-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
ceph-selinux-17.2.6-70.el9cp.ppc64le.rpm
ceph-test-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
cephfs-mirror-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
libcephfs-devel-17.2.6-70.el9cp.ppc64le.rpm
libcephfs2-17.2.6-70.el9cp.ppc64le.rpm
libcephfs2-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
libcephsqlite-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
librados-devel-17.2.6-70.el9cp.ppc64le.rpm
librados-devel-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
librados2-17.2.6-70.el9cp.ppc64le.rpm
librados2-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
libradospp-devel-17.2.6-70.el9cp.ppc64le.rpm
libradosstriper1-17.2.6-70.el9cp.ppc64le.rpm
libradosstriper1-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
librbd-devel-17.2.6-70.el9cp.ppc64le.rpm
librbd1-17.2.6-70.el9cp.ppc64le.rpm
librbd1-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
librgw-devel-17.2.6-70.el9cp.ppc64le.rpm
librgw2-17.2.6-70.el9cp.ppc64le.rpm
librgw2-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
python3-ceph-argparse-17.2.6-70.el9cp.ppc64le.rpm
python3-ceph-common-17.2.6-70.el9cp.ppc64le.rpm
python3-cephfs-17.2.6-70.el9cp.ppc64le.rpm
python3-cephfs-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
python3-rados-17.2.6-70.el9cp.ppc64le.rpm
python3-rados-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
python3-rbd-17.2.6-70.el9cp.ppc64le.rpm
python3-rbd-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
python3-rgw-17.2.6-70.el9cp.ppc64le.rpm
python3-rgw-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
rbd-fuse-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
rbd-mirror-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
rbd-nbd-17.2.6-70.el9cp.ppc64le.rpm
rbd-nbd-debuginfo-17.2.6-70.el9cp.ppc64le.rpm

s390x:
ceph-base-17.2.6-70.el9cp.s390x.rpm
ceph-base-debuginfo-17.2.6-70.el9cp.s390x.rpm
ceph-common-17.2.6-70.el9cp.s390x.rpm
ceph-common-debuginfo-17.2.6-70.el9cp.s390x.rpm
ceph-debuginfo-17.2.6-70.el9cp.s390x.rpm
ceph-debugsource-17.2.6-70.el9cp.s390x.rpm
ceph-exporter-debuginfo-17.2.6-70.el9cp.s390x.rpm
ceph-fuse-17.2.6-70.el9cp.s390x.rpm
ceph-fuse-debuginfo-17.2.6-70.el9cp.s390x.rpm
ceph-immutable-object-cache-17.2.6-70.el9cp.s390x.rpm
ceph-immutable-object-cache-debuginfo-17.2.6-70.el9cp.s390x.rpm
ceph-mds-debuginfo-17.2.6-70.el9cp.s390x.rpm
ceph-mgr-debuginfo-17.2.6-70.el9cp.s390x.rpm
ceph-mon-debuginfo-17.2.6-70.el9cp.s390x.rpm
ceph-osd-debuginfo-17.2.6-70.el9cp.s390x.rpm
ceph-radosgw-debuginfo-17.2.6-70.el9cp.s390x.rpm
ceph-selinux-17.2.6-70.el9cp.s390x.rpm
ceph-test-debuginfo-17.2.6-70.el9cp.s390x.rpm
cephfs-mirror-debuginfo-17.2.6-70.el9cp.s390x.rpm
libcephfs-devel-17.2.6-70.el9cp.s390x.rpm
libcephfs2-17.2.6-70.el9cp.s390x.rpm
libcephfs2-debuginfo-17.2.6-70.el9cp.s390x.rpm
libcephsqlite-debuginfo-17.2.6-70.el9cp.s390x.rpm
librados-devel-17.2.6-70.el9cp.s390x.rpm
librados-devel-debuginfo-17.2.6-70.el9cp.s390x.rpm
librados2-17.2.6-70.el9cp.s390x.rpm
librados2-debuginfo-17.2.6-70.el9cp.s390x.rpm
libradospp-devel-17.2.6-70.el9cp.s390x.rpm
libradosstriper1-17.2.6-70.el9cp.s390x.rpm
libradosstriper1-debuginfo-17.2.6-70.el9cp.s390x.rpm
librbd-devel-17.2.6-70.el9cp.s390x.rpm
librbd1-17.2.6-70.el9cp.s390x.rpm
librbd1-debuginfo-17.2.6-70.el9cp.s390x.rpm
librgw-devel-17.2.6-70.el9cp.s390x.rpm
librgw2-17.2.6-70.el9cp.s390x.rpm
librgw2-debuginfo-17.2.6-70.el9cp.s390x.rpm
python3-ceph-argparse-17.2.6-70.el9cp.s390x.rpm
python3-ceph-common-17.2.6-70.el9cp.s390x.rpm
python3-cephfs-17.2.6-70.el9cp.s390x.rpm
python3-cephfs-debuginfo-17.2.6-70.el9cp.s390x.rpm
python3-rados-17.2.6-70.el9cp.s390x.rpm
python3-rados-debuginfo-17.2.6-70.el9cp.s390x.rpm
python3-rbd-17.2.6-70.el9cp.s390x.rpm
python3-rbd-debuginfo-17.2.6-70.el9cp.s390x.rpm
python3-rgw-17.2.6-70.el9cp.s390x.rpm
python3-rgw-debuginfo-17.2.6-70.el9cp.s390x.rpm
rbd-fuse-debuginfo-17.2.6-70.el9cp.s390x.rpm
rbd-mirror-debuginfo-17.2.6-70.el9cp.s390x.rpm
rbd-nbd-17.2.6-70.el9cp.s390x.rpm
rbd-nbd-debuginfo-17.2.6-70.el9cp.s390x.rpm

x86_64:
ceph-base-17.2.6-70.el9cp.x86_64.rpm
ceph-base-debuginfo-17.2.6-70.el9cp.x86_64.rpm
ceph-common-17.2.6-70.el9cp.x86_64.rpm
ceph-common-debuginfo-17.2.6-70.el9cp.x86_64.rpm
ceph-debuginfo-17.2.6-70.el9cp.x86_64.rpm
ceph-debugsource-17.2.6-70.el9cp.x86_64.rpm
ceph-exporter-debuginfo-17.2.6-70.el9cp.x86_64.rpm
ceph-fuse-17.2.6-70.el9cp.x86_64.rpm
ceph-fuse-debuginfo-17.2.6-70.el9cp.x86_64.rpm
ceph-immutable-object-cache-17.2.6-70.el9cp.x86_64.rpm
ceph-immutable-object-cache-debuginfo-17.2.6-70.el9cp.x86_64.rpm
ceph-mds-debuginfo-17.2.6-70.el9cp.x86_64.rpm
ceph-mgr-debuginfo-17.2.6-70.el9cp.x86_64.rpm
ceph-mon-debuginfo-17.2.6-70.el9cp.x86_64.rpm
ceph-osd-debuginfo-17.2.6-70.el9cp.x86_64.rpm
ceph-radosgw-debuginfo-17.2.6-70.el9cp.x86_64.rpm
ceph-selinux-17.2.6-70.el9cp.x86_64.rpm
ceph-test-debuginfo-17.2.6-70.el9cp.x86_64.rpm
cephfs-mirror-debuginfo-17.2.6-70.el9cp.x86_64.rpm
libcephfs-devel-17.2.6-70.el9cp.x86_64.rpm
libcephfs2-17.2.6-70.el9cp.x86_64.rpm
libcephfs2-debuginfo-17.2.6-70.el9cp.x86_64.rpm
libcephsqlite-debuginfo-17.2.6-70.el9cp.x86_64.rpm
librados-devel-17.2.6-70.el9cp.x86_64.rpm
librados-devel-debuginfo-17.2.6-70.el9cp.x86_64.rpm
librados2-17.2.6-70.el9cp.x86_64.rpm
librados2-debuginfo-17.2.6-70.el9cp.x86_64.rpm
libradospp-devel-17.2.6-70.el9cp.x86_64.rpm
libradosstriper1-17.2.6-70.el9cp.x86_64.rpm
libradosstriper1-debuginfo-17.2.6-70.el9cp.x86_64.rpm
librbd-devel-17.2.6-70.el9cp.x86_64.rpm
librbd1-17.2.6-70.el9cp.x86_64.rpm
librbd1-debuginfo-17.2.6-70.el9cp.x86_64.rpm
librgw-devel-17.2.6-70.el9cp.x86_64.rpm
librgw2-17.2.6-70.el9cp.x86_64.rpm
librgw2-debuginfo-17.2.6-70.el9cp.x86_64.rpm
python3-ceph-argparse-17.2.6-70.el9cp.x86_64.rpm
python3-ceph-common-17.2.6-70.el9cp.x86_64.rpm
python3-cephfs-17.2.6-70.el9cp.x86_64.rpm
python3-cephfs-debuginfo-17.2.6-70.el9cp.x86_64.rpm
python3-rados-17.2.6-70.el9cp.x86_64.rpm
python3-rados-debuginfo-17.2.6-70.el9cp.x86_64.rpm
python3-rbd-17.2.6-70.el9cp.x86_64.rpm
python3-rbd-debuginfo-17.2.6-70.el9cp.x86_64.rpm
python3-rgw-17.2.6-70.el9cp.x86_64.rpm
python3-rgw-debuginfo-17.2.6-70.el9cp.x86_64.rpm
rbd-fuse-debuginfo-17.2.6-70.el9cp.x86_64.rpm
rbd-mirror-debuginfo-17.2.6-70.el9cp.x86_64.rpm
rbd-nbd-17.2.6-70.el9cp.x86_64.rpm
rbd-nbd-debuginfo-17.2.6-70.el9cp.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2021-4231
https://access.redhat.com/security/cve/CVE-2022-31129
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index

  1. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZIsIddzjgjWX9erEAQhbjhAAg/on2z/MB4R4mlzsTtLu8B3quYQKJF7L
fgwH5Pw4SeZZhd7cMuLL1aHbKJtcXWqjsc8m8u3IYk67eYgOiFjvqQWiykxDHzq8
5iJM9CSgEUF/9oAru45TrnHB8UXp3ut0TKPBHFPnXnz2EyU3szSfEoxM0tN1Bnz+
mRXZZ9kXhuGq6qaXqcl9e1RZRST9PmP7WHVqbO+o9DwSHI9ddWhJD/6aESoMpUhU
3s+NhCWYMaUK5Xj2+xlpAEEecjh8Y6DdoKXT5u8YHUE/4QamDoWJd2rghrSP8lS0
xHzbMdYKSHyhnuL3/5qRKrWGqaYrTQd3JSNuq3+pqqXVNWF2GNuDVQNqjIfVW+zN
j/XLIchcQxtD+aGH53wn1kQ0NfFOCvoYXWdmW1WOY2hjq8aMdl4ftnZbfbGdQtZE
UMRbSrqyvNE7DpbqZ87kydSw3e2VnEXLiXLCQGODQTiCwxCWyaRP/Lvd1MRxGdRW
WO78/45NZ0JBjWCWlwEdLxgHtHMz6wL7Zr3CMilDfgiGATp9Y5yLEhZfIdprR5pn
HgGuCdm6Sv9GdfZ9jhhk2OjVZBzhXwxld2+nKiJIWloltpjY5C4L7OSUoX+FVO2h
vfWCQE13NcQjv3yqk6+LgB0F/ySVZYnjYg8k40W+bxV3Aaz7fDLkxemlqnyHsE0C
Z+7JzWRJE8A¾DC
-----END PGP SIGNATURE-----

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

Ubuntu Security Notice USN-6550-1

Ubuntu Security Notice 6550-1 - It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service.

CVE-2022-4039

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

RHSA-2023:3623: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security and bug fix update

New packages for Red Hat Ceph Storage 6.1 are now available on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4231: A flaw was found in the angular/core package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) in development, with Server-side rendering (SSR enabled). * CVE-2022-31129: A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constru...

RHSA-2023:3623: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security and bug fix update

New packages for Red Hat Ceph Storage 6.1 are now available on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4231: A flaw was found in the angular/core package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) in development, with Server-side rendering (SSR enabled). * CVE-2022-31129: A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constru...

Red Hat Security Advisory 2023-1486-01

Red Hat Security Advisory 2023-1486-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, code execution, and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6696-01

Red Hat Security Advisory 2022-6696-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include crlf injection and denial of service vulnerabilities.

RHSA-2022:6696: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...

Red Hat Security Advisory 2022-6507-01

Red Hat Security Advisory 2022-6507-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.

RHSA-2022:6507: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.2 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-36067: vm2: Sandbox Escape in vm2

Red Hat Security Advisory 2022-6422-01

Red Hat Security Advisory 2022-6422-01 - Multicluster Engine for Kubernetes 2.0.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

RHSA-2022:6422: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes

Multicluster Engine for Kubernetes 2.0.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-36067: vm2: Sandbox Escape in vm2

Red Hat Security Advisory 2022-5914-01

Red Hat Security Advisory 2022-5914-01 - Red Hat Kiali for OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers containers for the release. Issues addressed include a denial of service vulnerability.

CVE-2022-31129: [bugfix] Fix redos in preprocessRFC2822 regex (#6015) · moment/moment@9a3b589

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.

GHSA-c75v-2vq8-878f: Cross site scripting in Angular

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.

CVE-2021-4231

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.

Packet Storm: Latest News

Zeek 6.0.9