RedHatRHSA-2020:4143(RHSA-2020:4143) Moderate: OCS 3.11.z async security, bug fix, and enhancement update
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
16.2%
Red Hat OpenShift Container Storage(OCS) is a provider of agnostic persistent storage for OpenShift Container Platform either in-house or in a hybrid cloud. As a Red Hat storage solution, OCS is completely integrated with OpenShift Container Platform for deployment, management, and monitoring.
Security Fix(es):
-
gluster-block: information disclosure through world-readable gluster-block log files (CVE-2020-10762)
-
heketi: gluster-block volume password details available in logs (CVE-2020-10763)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Earlier, the tcmu-runner did not give details about the file operations stuck at the backend glusterfs block hosting volume. With this change, the tcmu-runner is now able to log details about the file operations stuck at the backend glusterfs block hosting volume and this will help identify the root cause of the input/output errors easily. (BZ#1850361)
-
Earlier, there was no log rotation with gluster-block logs. With this release, log rotation is possible for gluster-block and tcmu-runner relevant logs. (BZ#1850365)
-
Earlier, heketi did not track all the changes made to volumes as part of device remove operation. With this release, heketiβs device remove operation is fully tracked and is based on a series of brick evict operations making the operation more reliable. (BZ#1850072)
-
An access flaw CVE-2020-13867 was found in targetcli due to which the files under β/etc/targetβ and β/etc/target/backupβ directory were widely accessible. With this release, the access flaw is fixed as a workaround in gluster-block to protect these files from any potential attacks for accessing sensitive information, until the flaw is resolved and made available in targetcli.(BZ#1850077)
All Red Hat OpenShift Container Storage users are advised to upgrade to these updated packages.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | x86_64 | gluster-block-debuginfo | <Β 0.2.1-36.2.el7rhgs | gluster-block-debuginfo-0.2.1-36.2.el7rhgs.x86_64.rpm |
| RedHat | 7 | x86_64 | libtcmu | <Β 1.2.0-32.2.el7rhgs | libtcmu-1.2.0-32.2.el7rhgs.x86_64.rpm |
| RedHat | 7 | x86_64 | gluster-block | <Β 0.2.1-36.2.el7rhgs | gluster-block-0.2.1-36.2.el7rhgs.x86_64.rpm |
| RedHat | 7 | x86_64 | heketi-client | <Β 9.0.0-9.5.el7rhgs | heketi-client-9.0.0-9.5.el7rhgs.x86_64.rpm |
| RedHat | 7 | x86_64 | heketi | <Β 9.0.0-9.5.el7rhgs | heketi-9.0.0-9.5.el7rhgs.x86_64.rpm |
| RedHat | 7 | x86_64 | tcmu-runner | <Β 1.2.0-32.2.el7rhgs | tcmu-runner-1.2.0-32.2.el7rhgs.x86_64.rpm |
| RedHat | 7 | x86_64 | python-heketi | <Β 9.0.0-9.5.el7rhgs | python-heketi-9.0.0-9.5.el7rhgs.x86_64.rpm |
| RedHat | 7 | x86_64 | tcmu-runner-debuginfo | <Β 1.2.0-32.2.el7rhgs | tcmu-runner-debuginfo-1.2.0-32.2.el7rhgs.x86_64.rpm |
| RedHat | 7 | x86_64 | libtcmu-devel | <Β 1.2.0-32.2.el7rhgs | libtcmu-devel-1.2.0-32.2.el7rhgs.x86_64.rpm |
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
16.2%