Security Bulletin: IBM Storage Ceph is vulnerable to the Improper Restriction of Operations within Memory Buffer in the RHEL UBI (CVE-2023-1255, CVE-2023-2650)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-1255, CVE-2023-2650. Vulnerability Details CVEID:CVE-2023-1255 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...

CVE-2023-46159

IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in the RHEL UBI (CVE-2023-27533)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-27533 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-27533 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

Security Bulletin: IBM Storage Ceph is vulnerable to a stack overflow attack in Golang (CVE-2022-24675)

Summary Golang is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2022-24675 Vulnerability Details CVEID: CVE-2022-24675 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a stack-based buffer overflow in encoding/pem in the Decode feature. By...