RedHatRHSA-2024:0745(RHSA-2024:0745) Moderate: Red Hat Ceph Storage 5.3 Security update
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
12.3%
Red Hat Ceph Storage is a scalable, open, software-defined storage platform
that combines the most stable version of the Ceph storage system with a
Ceph management platform, deployment utilities, and support services.
These updated packages include numerous bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Ceph Storage Release Notes for information on the most
significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index
All users of Red Hat Ceph Storage are advised to update to these packages
that provide various bug fixes.
Security Fix(es):
-
rgw: improperly verified POST keys (CVE-2023-43040)
-
ceph: RGW crash upon misconfigured CORS rule (CVE-2023-46159)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | x86_64 | python3-rbd-debuginfo | < 16.2.10-248.el8cp | python3-rbd-debuginfo-16.2.10-248.el8cp.x86_64.rpm |
| RedHat | 8 | s390x | librbd1-debuginfo | < 16.2.10-248.el8cp | librbd1-debuginfo-16.2.10-248.el8cp.s390x.rpm |
| RedHat | 9 | s390x | python3-cephfs-debuginfo | < 16.2.10-248.el9cp | python3-cephfs-debuginfo-16.2.10-248.el9cp.s390x.rpm |
| RedHat | 9 | x86_64 | ceph-base | < 16.2.10-248.el9cp | ceph-base-16.2.10-248.el9cp.x86_64.rpm |
| RedHat | 9 | s390x | python3-ceph-argparse | < 16.2.10-248.el9cp | python3-ceph-argparse-16.2.10-248.el9cp.s390x.rpm |
| RedHat | 9 | x86_64 | librados2 | < 16.2.10-248.el9cp | librados2-16.2.10-248.el9cp.x86_64.rpm |
| RedHat | 8 | x86_64 | ceph-common-debuginfo | < 16.2.10-248.el8cp | ceph-common-debuginfo-16.2.10-248.el8cp.x86_64.rpm |
| RedHat | 8 | s390x | ceph-osd-debuginfo | < 16.2.10-248.el8cp | ceph-osd-debuginfo-16.2.10-248.el8cp.s390x.rpm |
| RedHat | 8 | noarch | ceph-mib | < 16.2.10-248.el8cp | ceph-mib-16.2.10-248.el8cp.noarch.rpm |
| RedHat | 8 | ppc64le | python3-ceph-argparse | < 16.2.10-248.el8cp | python3-ceph-argparse-16.2.10-248.el8cp.ppc64le.rpm |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
12.3%