Lucene search

RedHatRHSA-2023:3623

HistoryJun 15, 2023 - 9:08 a.m.

(RHSA-2023:3623) Moderate: Red Hat Ceph Storage 6.1 security and bug fix update

2023-06-1509:08:35

access.redhat.com

red hat ceph storage

6.1

security update

bug fix

scalable storage

software-defined

stable version

ceph management

enhancements

cve-2022-31129

cve-2021-4231

dos

xss vulnerability

cvss score

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

69.3%

JSON

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

These new packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the
most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index

Security Fix(es):

moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
angular: XSS vulnerability (CVE-2021-4231)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All users of Red Hat Ceph Storage are advised to update to these packages that provide numerous enhancements and bug fixes.

OSVersionArchitecturePackageVersionFilename
RedHat9ppc64leceph-exporter-debuginfo< 17.2.6-70.el9cpceph-exporter-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
RedHat9s390xlibrados2< 17.2.6-70.el9cplibrados2-17.2.6-70.el9cp.s390x.rpm
RedHat9s390xlibrgw-devel< 17.2.6-70.el9cplibrgw-devel-17.2.6-70.el9cp.s390x.rpm
RedHat9s390xrbd-nbd-debuginfo< 17.2.6-70.el9cprbd-nbd-debuginfo-17.2.6-70.el9cp.s390x.rpm
RedHat9ppc64lelibrados-devel-debuginfo< 17.2.6-70.el9cplibrados-devel-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
RedHat9ppc64leceph-mon-debuginfo< 17.2.6-70.el9cpceph-mon-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
RedHat9s390xpython3-rbd-debuginfo< 17.2.6-70.el9cppython3-rbd-debuginfo-17.2.6-70.el9cp.s390x.rpm
RedHat9x86_64ceph-debuginfo< 17.2.6-70.el9cpceph-debuginfo-17.2.6-70.el9cp.x86_64.rpm
RedHat9ppc64lelibrbd1< 17.2.6-70.el9cplibrbd1-17.2.6-70.el9cp.ppc64le.rpm
RedHat9ppc64lelibrgw2-debuginfo< 17.2.6-70.el9cplibrgw2-debuginfo-17.2.6-70.el9cp.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	ppc64le	ceph-exporter-debuginfo	< 17.2.6-70.el9cp	ceph-exporter-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
RedHat	9	s390x	librados2	< 17.2.6-70.el9cp	librados2-17.2.6-70.el9cp.s390x.rpm
RedHat	9	s390x	librgw-devel	< 17.2.6-70.el9cp	librgw-devel-17.2.6-70.el9cp.s390x.rpm
RedHat	9	s390x	rbd-nbd-debuginfo	< 17.2.6-70.el9cp	rbd-nbd-debuginfo-17.2.6-70.el9cp.s390x.rpm
RedHat	9	ppc64le	librados-devel-debuginfo	< 17.2.6-70.el9cp	librados-devel-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
RedHat	9	ppc64le	ceph-mon-debuginfo	< 17.2.6-70.el9cp	ceph-mon-debuginfo-17.2.6-70.el9cp.ppc64le.rpm
RedHat	9	s390x	python3-rbd-debuginfo	< 17.2.6-70.el9cp	python3-rbd-debuginfo-17.2.6-70.el9cp.s390x.rpm
RedHat	9	x86_64	ceph-debuginfo	< 17.2.6-70.el9cp	ceph-debuginfo-17.2.6-70.el9cp.x86_64.rpm
RedHat	9	ppc64le	librbd1	< 17.2.6-70.el9cp	librbd1-17.2.6-70.el9cp.ppc64le.rpm
RedHat	9	ppc64le	librgw2-debuginfo	< 17.2.6-70.el9cp	librgw2-debuginfo-17.2.6-70.el9cp.ppc64le.rpm