(RHSA-2015:1092) Moderate: ceph-deploy security update

2015-06-1115:49:16

access.redhat.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

Red Hat Ceph Storage is a massively scalable, open, software-defined
storage platform that combines the most stable version of Ceph with a Ceph
management platform, deployment tools, and support services.

It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph
Storage, would create the keyring file with world readable permissions,
which could possibly allow a local user to obtain authentication
credentials from the keyring file. (CVE-2015-3010, CVE-2015-4053)

All ceph-deploy users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat6noarchceph-deploy< 1.5.22-0.4.rc1.el6cpceph-deploy-1.5.22-0.4.rc1.el6cp.noarch.rpm
RedHat6srcceph-deploy< 1.5.22-0.4.rc1.el6cpceph-deploy-1.5.22-0.4.rc1.el6cp.src.rpm
RedHat7srcceph-deploy< 1.5.22-0.4.rc1.el7cpceph-deploy-1.5.22-0.4.rc1.el7cp.src.rpm
RedHat7noarchceph-deploy< 1.5.22-0.4.rc1.el7cpceph-deploy-1.5.22-0.4.rc1.el7cp.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	noarch	ceph-deploy	< 1.5.22-0.4.rc1.el6cp	ceph-deploy-1.5.22-0.4.rc1.el6cp.noarch.rpm
RedHat	6	src	ceph-deploy	< 1.5.22-0.4.rc1.el6cp	ceph-deploy-1.5.22-0.4.rc1.el6cp.src.rpm
RedHat	7	src	ceph-deploy	< 1.5.22-0.4.rc1.el7cp	ceph-deploy-1.5.22-0.4.rc1.el7cp.src.rpm
RedHat	7	noarch	ceph-deploy	< 1.5.22-0.4.rc1.el7cp	ceph-deploy-1.5.22-0.4.rc1.el7cp.noarch.rpm

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for RHSA-2015:1092