Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:1716
HistoryMay 05, 2022 - 7:38 a.m.

(RHSA-2022:1716) Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update

2022-05-0507:38:36
access.redhat.com
109

0.005 Low

EPSS

Percentile

76.7%

JSON

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

Security Fix(es):

  • python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)

  • ceph object gateway: radosgw: CRLF injection (CVE-2021-3524)

  • ceph: Ceph volume does not honour osd_dmcrypt_key_size (CVE-2021-3979)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

These new packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/4.3/html/release_notes/index

All users of Red Hat Ceph Storage are advised to upgrade to these new packages, which provide bug fixes.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64ceph-mds< 14.2.22-110.el7cpceph-mds-14.2.22-110.el7cp.x86_64.rpm
RedHat7ppc64lenfs-ganesha-rgw< 3.5-1.2.el7cpnfs-ganesha-rgw-3.5-1.2.el7cp.ppc64le.rpm
RedHat7x86_64ceph-mgr< 14.2.22-110.el7cpceph-mgr-14.2.22-110.el7cp.x86_64.rpm
RedHat8ppc64leceph-mds-debuginfo< 14.2.22-110.el8cpceph-mds-debuginfo-14.2.22-110.el8cp.ppc64le.rpm
RedHat8x86_64librados2-debuginfo< 14.2.22-110.el8cplibrados2-debuginfo-14.2.22-110.el8cp.x86_64.rpm
RedHat8x86_64nfs-ganesha-vfs< 3.5-1.2.el8cpnfs-ganesha-vfs-3.5-1.2.el8cp.x86_64.rpm
RedHat8x86_64nfs-ganesha-rados-grace< 3.5-1.2.el8cpnfs-ganesha-rados-grace-3.5-1.2.el8cp.x86_64.rpm
RedHat8s390xlibntirpc-debuginfo< 3.4-1.1.el8cplibntirpc-debuginfo-3.4-1.1.el8cp.s390x.rpm
RedHat7noarchceph-grafana-dashboards< 14.2.22-110.el7cpceph-grafana-dashboards-14.2.22-110.el7cp.noarch.rpm
RedHat8x86_64nfs-ganesha-vfs-debuginfo< 3.5-1.2.el8cpnfs-ganesha-vfs-debuginfo-3.5-1.2.el8cp.x86_64.rpm
Rows per page:
1-10 of 3071

Related

nessus 23
redhat 5
fedora 7
nvd 3
mageia 3
veracode 3
osv 10
openvas 28
redhatcve 3
cve 3
prion 3
github 1
ubuntucve 3
debiancve 3
amazon 1
cvelist 3
suse 3
alpinelinux 1
ubuntu 3
debian 2
archlinux 1
ibm 2
nessus
nessus
RHEL 7 / 8 : Red Hat Ceph Storage 4.3 Security and Bug Fix update (Moderate) (RHSA-2022:1716)
2022-05-05 00:00:00
RHEL 8 : Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update (Moderate) (RHSA-2022:1174)
2022-04-05 00:00:00
SUSE SLES12 Security Update : python-rsa (SUSE-SU-2023:0648-1)
2023-03-08 00:00:00
redhat
redhat
(RHSA-2022:1174) Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update
2022-04-04 08:52:58
(RHSA-2020:5634) Moderate: OpenShift Container Platform 4.7.0 packages security update
2021-02-24 13:56:32
(RHSA-2021:0637) Important: OpenShift Container Platform 3.11.394 bug fix and security update
2021-03-03 12:05:11
fedora
fedora
[SECURITY] Fedora 34 Update: python-rsa-4.7.2-1.fc34
2021-09-24 20:32:52
[SECURITY] Fedora 35 Update: python-rsa-4.7.2-1.fc35
2021-09-24 20:55:15
[SECURITY] Fedora 33 Update: python-rsa-4.7.2-1.fc33
2021-09-24 20:38:04
nvd
nvd
CVE-2020-25658
2020-11-12 14:15:22
CVE-2021-3979
2022-08-25 20:15:09
CVE-2021-3524
2021-05-17 17:15:08
mageia
mageia
Updated python-rsa packages fix security vulnerability
2021-10-02 21:57:04
Updated ceph packages fix security vulnerability
2022-04-13 19:06:19
Updated ceph packages fix a security vulnerability
2021-05-27 16:43:31
veracode
veracode
Insecure RSA Decryption (Bleichenbacher Timing Attack)
2020-11-10 06:54:44
Access Control Bypass
2022-04-23 00:42:48
Cross-Site Scripting (XSS)
2021-05-23 06:05:56
osv
osv
CVE-2020-25658
2020-11-12 14:15:22
PYSEC-2020-100
2020-11-12 14:15:00
Timing attacks in python-rsa
2021-04-30 17:35:15
openvas
openvas
Fedora: Security Advisory for python-rsa (FEDORA-2021-c1fef03e71)
2021-10-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3932-1)
2022-11-11 00:00:00
Fedora: Security Advisory for python-rsa (FEDORA-2021-783a157adc)
2021-10-02 00:00:00
redhatcve
redhatcve
CVE-2020-25658
2020-11-09 04:28:53
CVE-2021-3979
2022-01-12 23:22:09
CVE-2021-3524
2021-04-30 17:43:00
cve
cve
CVE-2020-25658
2020-11-12 14:15:22
CVE-2021-3979
2022-08-25 20:15:09
CVE-2021-3524
2021-05-17 17:15:08
prion
prion
Code injection
2020-11-12 14:15:00
Design/Logic Flaw
2022-08-25 20:15:00
Design/Logic Flaw
2021-05-17 17:15:00
github
github
Timing attacks in python-rsa
2021-04-30 17:35:15
ubuntucve
ubuntucve
CVE-2020-25658
2020-11-12 00:00:00
CVE-2021-3979
2022-08-25 00:00:00
CVE-2021-3524
2021-05-17 00:00:00
debiancve
debiancve
CVE-2020-25658
2020-11-12 14:15:22
CVE-2021-3979
2022-08-25 20:15:09
CVE-2021-3524
2021-05-17 17:15:08
amazon
amazon
Medium: python-rsa
2023-07-17 17:40:00
cvelist
cvelist
CVE-2020-25658
2020-11-12 13:48:31
CVE-2021-3979
2022-08-25 00:00:00
CVE-2021-3524
2021-05-17 00:00:00
suse
suse
Security update for ceph (important)
2022-08-16 00:00:00
Security update for ceph (important)
2021-06-04 00:00:00
Security update for ceph (important)
2021-07-11 00:00:00
alpinelinux
alpinelinux
CVE-2021-3524
2021-05-17 17:15:08
ubuntu
ubuntu
Ceph vulnerabilities
2023-05-09 00:00:00
Ceph vulnerabilities
2021-11-01 00:00:00
Ceph vulnerabilities
2021-06-25 00:00:00
debian
debian
[SECURITY] [DLA 3629-1] ceph security update
2023-10-23 16:59:44
[SECURITY] [DLA 2735-1] ceph security update
2021-08-10 22:05:10
archlinux
archlinux
[ASA-202105-3] ceph: multiple issues
2021-05-19 00:00:00
ibm
ibm
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
2022-08-23 22:32:13
Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities
2022-04-01 16:38:26

0.005 Low

EPSS

Percentile

76.7%

JSON
Related for RHSA-2022:1716
nessus23redhat5fedora7nvd3mageia3veracode3osv10openvas28redhatcve3cve3prion3github1ubuntucve3debiancve3amazon1cvelist3suse3alpinelinux1ubuntu3debian2archlinux1ibm2