
(RHSA-2020:4143) Moderate: OCS 3.11.z async security, bug fix, and enhancement update

2020-09-30 15:04:23
access.redhat.com

EPSS: 0.0005 (Low), percentile 17.8%

Red Hat OpenShift Container Storage (OCS) is a provider of agnostic persistent storage for OpenShift Container Platform, either in-house or in a hybrid cloud. As a Red Hat storage solution, OCS is completely integrated with OpenShift Container Platform for deployment, management, and monitoring.

Security Fix(es):

  • gluster-block: information disclosure through world-readable gluster-block log files (CVE-2020-10762)

  • heketi: gluster-block volume password details available in logs (CVE-2020-10763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Earlier, the tcmu-runner did not give details about the file operations stuck at the backend glusterfs block hosting volume. With this change, the tcmu-runner is now able to log details about the file operations stuck at the backend glusterfs block hosting volume and this will help identify the root cause of the input/output errors easily. (BZ#1850361)

  • Earlier, there was no log rotation with gluster-block logs. With this release, log rotation is possible for gluster-block and tcmu-runner relevant logs. (BZ#1850365)

  • Earlier, heketi did not track all the changes made to volumes as part of device remove operation. With this release, heketi's device remove operation is fully tracked and is based on a series of brick evict operations making the operation more reliable. (BZ#1850072)

  • An access flaw, CVE-2020-13867, was found in targetcli due to which the files under the '/etc/target' and '/etc/target/backup' directories were widely accessible. With this release, the access flaw is fixed as a workaround in gluster-block to protect these files from any potential attacks for accessing sensitive information, until the flaw is resolved and made available in targetcli. (BZ#1850077)

All Red Hat OpenShift Container Storage users are advised to upgrade to these updated packages.
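
An added example, not part of the Red Hat advisory or its packages: a post-upgrade check that lists entries under the '/etc/target' and '/etc/target/backup' directories named above that still grant any permission to other users. The function names and the constructed sample tree are assumptions; the gluster-block and heketi log directories are not given on this page, so pass them in explicitly if you want them covered.

```python
import os
import stat
import tempfile

# Directories named in the advisory (BZ#1850077). Log directories are not
# stated on the page; add them to the list passed to audit_world_access().
DEFAULT_ROOTS = ["/etc/target", "/etc/target/backup"]

def audit_world_access(roots):
    """Return sorted (path, octal_mode) pairs for every entry under the given
    roots that grants read, write or execute to 'other' users."""
    findings = set()  # set: overlapping roots must not produce duplicates
    for root in roots:
        if not os.path.isdir(root):
            continue  # component not installed on this host
        candidates = [root]
        for dirpath, dirnames, filenames in os.walk(root):
            candidates += [os.path.join(dirpath, n) for n in dirnames + filenames]
        for path in candidates:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits say nothing about the target
            if st.st_mode & stat.S_IRWXO:
                findings.add((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)

def demo():
    """Constructed sample tree: one owner-only file, one world-readable file."""
    with tempfile.TemporaryDirectory() as tmp:
        os.chmod(tmp, 0o700)
        for name, mode in (("locked.json", 0o600), ("exposed.json", 0o644)):
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write("{}")
            os.chmod(path, mode)
        return [(os.path.basename(p), m) for p, m in audit_world_access([tmp])]

if __name__ == "__main__":
    for path, mode in audit_world_access(DEFAULT_ROOTS):
        print(f"{mode} {path}")
```

An empty result on a patched host means no entry under the checked directories is accessible to other users.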