5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
69.3%
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
These new packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the
most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index
Security Fix(es):
moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
angular: XSS vulnerability (CVE-2021-4231)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All users of Red Hat Ceph Storage are advised to update to these packages that provide numerous enhancements and bug fixes.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 9 | ppc64le | ceph-exporter-debuginfo | < 17.2.6-70.el9cp | ceph-exporter-debuginfo-17.2.6-70.el9cp.ppc64le.rpm |
RedHat | 9 | s390x | librados2 | < 17.2.6-70.el9cp | librados2-17.2.6-70.el9cp.s390x.rpm |
RedHat | 9 | s390x | librgw-devel | < 17.2.6-70.el9cp | librgw-devel-17.2.6-70.el9cp.s390x.rpm |
RedHat | 9 | s390x | rbd-nbd-debuginfo | < 17.2.6-70.el9cp | rbd-nbd-debuginfo-17.2.6-70.el9cp.s390x.rpm |
RedHat | 9 | ppc64le | librados-devel-debuginfo | < 17.2.6-70.el9cp | librados-devel-debuginfo-17.2.6-70.el9cp.ppc64le.rpm |
RedHat | 9 | ppc64le | ceph-mon-debuginfo | < 17.2.6-70.el9cp | ceph-mon-debuginfo-17.2.6-70.el9cp.ppc64le.rpm |
RedHat | 9 | s390x | python3-rbd-debuginfo | < 17.2.6-70.el9cp | python3-rbd-debuginfo-17.2.6-70.el9cp.s390x.rpm |
RedHat | 9 | x86_64 | ceph-debuginfo | < 17.2.6-70.el9cp | ceph-debuginfo-17.2.6-70.el9cp.x86_64.rpm |
RedHat | 9 | ppc64le | librbd1 | < 17.2.6-70.el9cp | librbd1-17.2.6-70.el9cp.ppc64le.rpm |
RedHat | 9 | ppc64le | librgw2-debuginfo | < 17.2.6-70.el9cp | librgw2-debuginfo-17.2.6-70.el9cp.ppc64le.rpm |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
69.3%