An update for ceph is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1715
Final
1.0
1.0
2022-06-17
Initial
2022-06-17
2022-06-17
openEuler SA Tool V1.0
2022-06-17
ceph security update
An update for ceph is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3.
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.
Security Fix(es):
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20288)
An update for ceph is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
ceph
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1715
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-20288
https://nvd.nist.gov/vuln/detail/CVE-2021-20288
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
librados-devel-12.2.8-22.oe1.aarch64.rpm
ceph-common-12.2.8-22.oe1.aarch64.rpm
ceph-radosgw-12.2.8-22.oe1.aarch64.rpm
libcephfs2-12.2.8-22.oe1.aarch64.rpm
librgw-devel-12.2.8-22.oe1.aarch64.rpm
ceph-selinux-12.2.8-22.oe1.aarch64.rpm
libradosstriper-devel-12.2.8-22.oe1.aarch64.rpm
rbd-mirror-12.2.8-22.oe1.aarch64.rpm
python-ceph-compat-12.2.8-22.oe1.aarch64.rpm
ceph-test-12.2.8-22.oe1.aarch64.rpm
ceph-mds-12.2.8-22.oe1.aarch64.rpm
python-rgw-12.2.8-22.oe1.aarch64.rpm
ceph-osd-12.2.8-22.oe1.aarch64.rpm
libradosstriper1-12.2.8-22.oe1.aarch64.rpm
python-cephfs-12.2.8-22.oe1.aarch64.rpm
rbd-nbd-12.2.8-22.oe1.aarch64.rpm
python3-rados-12.2.8-22.oe1.aarch64.rpm
libcephfs-devel-12.2.8-22.oe1.aarch64.rpm
python3-rgw-12.2.8-22.oe1.aarch64.rpm
librgw2-12.2.8-22.oe1.aarch64.rpm
python3-rbd-12.2.8-22.oe1.aarch64.rpm
ceph-debuginfo-12.2.8-22.oe1.aarch64.rpm
librbd1-12.2.8-22.oe1.aarch64.rpm
librbd-devel-12.2.8-22.oe1.aarch64.rpm
ceph-mon-12.2.8-22.oe1.aarch64.rpm
python-rados-12.2.8-22.oe1.aarch64.rpm
librados2-12.2.8-22.oe1.aarch64.rpm
ceph-mgr-12.2.8-22.oe1.aarch64.rpm
python3-cephfs-12.2.8-22.oe1.aarch64.rpm
python3-ceph-argparse-12.2.8-22.oe1.aarch64.rpm
rbd-fuse-12.2.8-22.oe1.aarch64.rpm
ceph-debugsource-12.2.8-22.oe1.aarch64.rpm
python-rbd-12.2.8-22.oe1.aarch64.rpm
ceph-base-12.2.8-22.oe1.aarch64.rpm
ceph-fuse-12.2.8-22.oe1.aarch64.rpm
ceph-12.2.8-22.oe1.aarch64.rpm
ceph-resource-agents-12.2.8-22.oe1.aarch64.rpm
rados-objclass-devel-12.2.8-22.oe1.aarch64.rpm
ceph-mds-12.2.8-22.oe1.aarch64.rpm
ceph-common-12.2.8-22.oe1.aarch64.rpm
ceph-radosgw-12.2.8-22.oe1.aarch64.rpm
librgw2-12.2.8-22.oe1.aarch64.rpm
ceph-mgr-12.2.8-22.oe1.aarch64.rpm
python-rados-12.2.8-22.oe1.aarch64.rpm
ceph-osd-12.2.8-22.oe1.aarch64.rpm
python-rbd-12.2.8-22.oe1.aarch64.rpm
ceph-selinux-12.2.8-22.oe1.aarch64.rpm
python3-rados-12.2.8-22.oe1.aarch64.rpm
librbd1-12.2.8-22.oe1.aarch64.rpm
librados2-12.2.8-22.oe1.aarch64.rpm
python3-ceph-argparse-12.2.8-22.oe1.aarch64.rpm
libradosstriper1-12.2.8-22.oe1.aarch64.rpm
librbd-devel-12.2.8-22.oe1.aarch64.rpm
librados-devel-12.2.8-22.oe1.aarch64.rpm
python-ceph-compat-12.2.8-22.oe1.aarch64.rpm
ceph-resource-agents-12.2.8-22.oe1.aarch64.rpm
ceph-debugsource-12.2.8-22.oe1.aarch64.rpm
ceph-debuginfo-12.2.8-22.oe1.aarch64.rpm
python-cephfs-12.2.8-22.oe1.aarch64.rpm
libcephfs-devel-12.2.8-22.oe1.aarch64.rpm
python3-cephfs-12.2.8-22.oe1.aarch64.rpm
libradosstriper-devel-12.2.8-22.oe1.aarch64.rpm
ceph-fuse-12.2.8-22.oe1.aarch64.rpm
rbd-nbd-12.2.8-22.oe1.aarch64.rpm
libcephfs2-12.2.8-22.oe1.aarch64.rpm
python3-rgw-12.2.8-22.oe1.aarch64.rpm
librgw-devel-12.2.8-22.oe1.aarch64.rpm
ceph-12.2.8-22.oe1.aarch64.rpm
rados-objclass-devel-12.2.8-22.oe1.aarch64.rpm
ceph-mon-12.2.8-22.oe1.aarch64.rpm
python-rgw-12.2.8-22.oe1.aarch64.rpm
ceph-test-12.2.8-22.oe1.aarch64.rpm
rbd-fuse-12.2.8-22.oe1.aarch64.rpm
python3-rbd-12.2.8-22.oe1.aarch64.rpm
rbd-mirror-12.2.8-22.oe1.aarch64.rpm
ceph-base-12.2.8-22.oe1.aarch64.rpm
ceph-12.2.8-22.oe1.src.rpm
ceph-12.2.8-22.oe1.src.rpm
libcephfs2-12.2.8-22.oe1.x86_64.rpm
librgw-devel-12.2.8-22.oe1.x86_64.rpm
python3-cephfs-12.2.8-22.oe1.x86_64.rpm
python3-rgw-12.2.8-22.oe1.x86_64.rpm
python-cephfs-12.2.8-22.oe1.x86_64.rpm
python3-ceph-argparse-12.2.8-22.oe1.x86_64.rpm
rados-objclass-devel-12.2.8-22.oe1.x86_64.rpm
ceph-base-12.2.8-22.oe1.x86_64.rpm
ceph-osd-12.2.8-22.oe1.x86_64.rpm
ceph-radosgw-12.2.8-22.oe1.x86_64.rpm
librados2-12.2.8-22.oe1.x86_64.rpm
rbd-mirror-12.2.8-22.oe1.x86_64.rpm
python3-rbd-12.2.8-22.oe1.x86_64.rpm
ceph-12.2.8-22.oe1.x86_64.rpm
python-ceph-compat-12.2.8-22.oe1.x86_64.rpm
python-rados-12.2.8-22.oe1.x86_64.rpm
libradosstriper1-12.2.8-22.oe1.x86_64.rpm
libradosstriper-devel-12.2.8-22.oe1.x86_64.rpm
ceph-debuginfo-12.2.8-22.oe1.x86_64.rpm
python-rbd-12.2.8-22.oe1.x86_64.rpm
ceph-mds-12.2.8-22.oe1.x86_64.rpm
python-rgw-12.2.8-22.oe1.x86_64.rpm
librgw2-12.2.8-22.oe1.x86_64.rpm
ceph-fuse-12.2.8-22.oe1.x86_64.rpm
ceph-common-12.2.8-22.oe1.x86_64.rpm
librbd-devel-12.2.8-22.oe1.x86_64.rpm
rbd-fuse-12.2.8-22.oe1.x86_64.rpm
librbd1-12.2.8-22.oe1.x86_64.rpm
ceph-resource-agents-12.2.8-22.oe1.x86_64.rpm
ceph-debugsource-12.2.8-22.oe1.x86_64.rpm
ceph-mon-12.2.8-22.oe1.x86_64.rpm
python3-rados-12.2.8-22.oe1.x86_64.rpm
rbd-nbd-12.2.8-22.oe1.x86_64.rpm
ceph-selinux-12.2.8-22.oe1.x86_64.rpm
ceph-mgr-12.2.8-22.oe1.x86_64.rpm
librados-devel-12.2.8-22.oe1.x86_64.rpm
libcephfs-devel-12.2.8-22.oe1.x86_64.rpm
ceph-test-12.2.8-22.oe1.x86_64.rpm
ceph-mgr-12.2.8-22.oe1.x86_64.rpm
python3-rbd-12.2.8-22.oe1.x86_64.rpm
libcephfs2-12.2.8-22.oe1.x86_64.rpm
ceph-mds-12.2.8-22.oe1.x86_64.rpm
python3-rados-12.2.8-22.oe1.x86_64.rpm
python3-cephfs-12.2.8-22.oe1.x86_64.rpm
ceph-radosgw-12.2.8-22.oe1.x86_64.rpm
ceph-osd-12.2.8-22.oe1.x86_64.rpm
python3-rgw-12.2.8-22.oe1.x86_64.rpm
python-cephfs-12.2.8-22.oe1.x86_64.rpm
ceph-test-12.2.8-22.oe1.x86_64.rpm
ceph-base-12.2.8-22.oe1.x86_64.rpm
libradosstriper-devel-12.2.8-22.oe1.x86_64.rpm
libradosstriper1-12.2.8-22.oe1.x86_64.rpm
rbd-fuse-12.2.8-22.oe1.x86_64.rpm
ceph-common-12.2.8-22.oe1.x86_64.rpm
ceph-debugsource-12.2.8-22.oe1.x86_64.rpm
librbd1-12.2.8-22.oe1.x86_64.rpm
librados2-12.2.8-22.oe1.x86_64.rpm
python-rbd-12.2.8-22.oe1.x86_64.rpm
python-ceph-compat-12.2.8-22.oe1.x86_64.rpm
ceph-fuse-12.2.8-22.oe1.x86_64.rpm
libcephfs-devel-12.2.8-22.oe1.x86_64.rpm
python-rgw-12.2.8-22.oe1.x86_64.rpm
python3-ceph-argparse-12.2.8-22.oe1.x86_64.rpm
ceph-mon-12.2.8-22.oe1.x86_64.rpm
rbd-mirror-12.2.8-22.oe1.x86_64.rpm
ceph-resource-agents-12.2.8-22.oe1.x86_64.rpm
rbd-nbd-12.2.8-22.oe1.x86_64.rpm
ceph-12.2.8-22.oe1.x86_64.rpm
librbd-devel-12.2.8-22.oe1.x86_64.rpm
librgw2-12.2.8-22.oe1.x86_64.rpm
python-rados-12.2.8-22.oe1.x86_64.rpm
ceph-selinux-12.2.8-22.oe1.x86_64.rpm
ceph-debuginfo-12.2.8-22.oe1.x86_64.rpm
librados-devel-12.2.8-22.oe1.x86_64.rpm
librgw-devel-12.2.8-22.oe1.x86_64.rpm
rados-objclass-devel-12.2.8-22.oe1.x86_64.rpm
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn t sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
2022-06-17
CVE-2021-20288
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
High
7.2
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
ceph security update
2022-06-17
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1715