Red Hat Ceph Storage is a massively scalable, open, software-defined
storage platform that combines the most stable version of Ceph with a Ceph
management platform, deployment tools, and support services.
It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph
Storage, would create the keyring file with world readable permissions,
which could possibly allow a local user to obtain authentication
credentials from the keyring file. (CVE-2015-3010, CVE-2015-4053)
All ceph-deploy users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | ceph-deploy | < 1.5.22-0.4.rc1.el6cp | ceph-deploy-1.5.22-0.4.rc1.el6cp.noarch.rpm |
RedHat | 6 | src | ceph-deploy | < 1.5.22-0.4.rc1.el6cp | ceph-deploy-1.5.22-0.4.rc1.el6cp.src.rpm |
RedHat | 7 | src | ceph-deploy | < 1.5.22-0.4.rc1.el7cp | ceph-deploy-1.5.22-0.4.rc1.el7cp.src.rpm |
RedHat | 7 | noarch | ceph-deploy | < 1.5.22-0.4.rc1.el7cp | ceph-deploy-1.5.22-0.4.rc1.el7cp.noarch.rpm |