An update for ceph is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3

Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1715 Final 1.0 1.0 2022-06-17 Initial 2022-06-17 2022-06-17 openEuler SA Tool V1.0 2022-06-17

ceph security update

An update for ceph is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP3.

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.

Security Fix(es):

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20288)

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

High ceph
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1715
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-20288
https://nvd.nist.gov/vuln/detail/CVE-2021-20288
openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3

librados-devel-12.2.8-22.oe1.aarch64.rpm ceph-common-12.2.8-22.oe1.aarch64.rpm ceph-radosgw-12.2.8-22.oe1.aarch64.rpm libcephfs2-12.2.8-22.oe1.aarch64.rpm librgw-devel-12.2.8-22.oe1.aarch64.rpm ceph-selinux-12.2.8-22.oe1.aarch64.rpm libradosstriper-devel-12.2.8-22.oe1.aarch64.rpm rbd-mirror-12.2.8-22.oe1.aarch64.rpm python-ceph-compat-12.2.8-22.oe1.aarch64.rpm ceph-test-12.2.8-22.oe1.aarch64.rpm ceph-mds-12.2.8-22.oe1.aarch64.rpm python-rgw-12.2.8-22.oe1.aarch64.rpm ceph-osd-12.2.8-22.oe1.aarch64.rpm libradosstriper1-12.2.8-22.oe1.aarch64.rpm python-cephfs-12.2.8-22.oe1.aarch64.rpm rbd-nbd-12.2.8-22.oe1.aarch64.rpm python3-rados-12.2.8-22.oe1.aarch64.rpm libcephfs-devel-12.2.8-22.oe1.aarch64.rpm python3-rgw-12.2.8-22.oe1.aarch64.rpm librgw2-12.2.8-22.oe1.aarch64.rpm python3-rbd-12.2.8-22.oe1.aarch64.rpm ceph-debuginfo-12.2.8-22.oe1.aarch64.rpm librbd1-12.2.8-22.oe1.aarch64.rpm librbd-devel-12.2.8-22.oe1.aarch64.rpm ceph-mon-12.2.8-22.oe1.aarch64.rpm python-rados-12.2.8-22.oe1.aarch64.rpm librados2-12.2.8-22.oe1.aarch64.rpm ceph-mgr-12.2.8-22.oe1.aarch64.rpm python3-cephfs-12.2.8-22.oe1.aarch64.rpm python3-ceph-argparse-12.2.8-22.oe1.aarch64.rpm rbd-fuse-12.2.8-22.oe1.aarch64.rpm ceph-debugsource-12.2.8-22.oe1.aarch64.rpm python-rbd-12.2.8-22.oe1.aarch64.rpm ceph-base-12.2.8-22.oe1.aarch64.rpm ceph-fuse-12.2.8-22.oe1.aarch64.rpm ceph-12.2.8-22.oe1.aarch64.rpm ceph-resource-agents-12.2.8-22.oe1.aarch64.rpm rados-objclass-devel-12.2.8-22.oe1.aarch64.rpm ceph-mds-12.2.8-22.oe1.aarch64.rpm ceph-common-12.2.8-22.oe1.aarch64.rpm ceph-radosgw-12.2.8-22.oe1.aarch64.rpm librgw2-12.2.8-22.oe1.aarch64.rpm ceph-mgr-12.2.8-22.oe1.aarch64.rpm python-rados-12.2.8-22.oe1.aarch64.rpm ceph-osd-12.2.8-22.oe1.aarch64.rpm 
python-rbd-12.2.8-22.oe1.aarch64.rpm ceph-selinux-12.2.8-22.oe1.aarch64.rpm python3-rados-12.2.8-22.oe1.aarch64.rpm librbd1-12.2.8-22.oe1.aarch64.rpm librados2-12.2.8-22.oe1.aarch64.rpm python3-ceph-argparse-12.2.8-22.oe1.aarch64.rpm libradosstriper1-12.2.8-22.oe1.aarch64.rpm librbd-devel-12.2.8-22.oe1.aarch64.rpm librados-devel-12.2.8-22.oe1.aarch64.rpm python-ceph-compat-12.2.8-22.oe1.aarch64.rpm ceph-resource-agents-12.2.8-22.oe1.aarch64.rpm ceph-debugsource-12.2.8-22.oe1.aarch64.rpm ceph-debuginfo-12.2.8-22.oe1.aarch64.rpm python-cephfs-12.2.8-22.oe1.aarch64.rpm libcephfs-devel-12.2.8-22.oe1.aarch64.rpm python3-cephfs-12.2.8-22.oe1.aarch64.rpm libradosstriper-devel-12.2.8-22.oe1.aarch64.rpm ceph-fuse-12.2.8-22.oe1.aarch64.rpm rbd-nbd-12.2.8-22.oe1.aarch64.rpm libcephfs2-12.2.8-22.oe1.aarch64.rpm python3-rgw-12.2.8-22.oe1.aarch64.rpm librgw-devel-12.2.8-22.oe1.aarch64.rpm ceph-12.2.8-22.oe1.aarch64.rpm rados-objclass-devel-12.2.8-22.oe1.aarch64.rpm ceph-mon-12.2.8-22.oe1.aarch64.rpm python-rgw-12.2.8-22.oe1.aarch64.rpm ceph-test-12.2.8-22.oe1.aarch64.rpm rbd-fuse-12.2.8-22.oe1.aarch64.rpm python3-rbd-12.2.8-22.oe1.aarch64.rpm rbd-mirror-12.2.8-22.oe1.aarch64.rpm ceph-base-12.2.8-22.oe1.aarch64.rpm ceph-12.2.8-22.oe1.src.rpm ceph-12.2.8-22.oe1.src.rpm libcephfs2-12.2.8-22.oe1.x86_64.rpm librgw-devel-12.2.8-22.oe1.x86_64.rpm python3-cephfs-12.2.8-22.oe1.x86_64.rpm python3-rgw-12.2.8-22.oe1.x86_64.rpm python-cephfs-12.2.8-22.oe1.x86_64.rpm python3-ceph-argparse-12.2.8-22.oe1.x86_64.rpm rados-objclass-devel-12.2.8-22.oe1.x86_64.rpm ceph-base-12.2.8-22.oe1.x86_64.rpm ceph-osd-12.2.8-22.oe1.x86_64.rpm ceph-radosgw-12.2.8-22.oe1.x86_64.rpm librados2-12.2.8-22.oe1.x86_64.rpm rbd-mirror-12.2.8-22.oe1.x86_64.rpm python3-rbd-12.2.8-22.oe1.x86_64.rpm ceph-12.2.8-22.oe1.x86_64.rpm python-ceph-compat-12.2.8-22.oe1.x86_64.rpm python-rados-12.2.8-22.oe1.x86_64.rpm libradosstriper1-12.2.8-22.oe1.x86_64.rpm libradosstriper-devel-12.2.8-22.oe1.x86_64.rpm 
ceph-debuginfo-12.2.8-22.oe1.x86_64.rpm python-rbd-12.2.8-22.oe1.x86_64.rpm ceph-mds-12.2.8-22.oe1.x86_64.rpm python-rgw-12.2.8-22.oe1.x86_64.rpm librgw2-12.2.8-22.oe1.x86_64.rpm ceph-fuse-12.2.8-22.oe1.x86_64.rpm ceph-common-12.2.8-22.oe1.x86_64.rpm librbd-devel-12.2.8-22.oe1.x86_64.rpm rbd-fuse-12.2.8-22.oe1.x86_64.rpm librbd1-12.2.8-22.oe1.x86_64.rpm ceph-resource-agents-12.2.8-22.oe1.x86_64.rpm ceph-debugsource-12.2.8-22.oe1.x86_64.rpm ceph-mon-12.2.8-22.oe1.x86_64.rpm python3-rados-12.2.8-22.oe1.x86_64.rpm rbd-nbd-12.2.8-22.oe1.x86_64.rpm ceph-selinux-12.2.8-22.oe1.x86_64.rpm ceph-mgr-12.2.8-22.oe1.x86_64.rpm librados-devel-12.2.8-22.oe1.x86_64.rpm libcephfs-devel-12.2.8-22.oe1.x86_64.rpm ceph-test-12.2.8-22.oe1.x86_64.rpm ceph-mgr-12.2.8-22.oe1.x86_64.rpm python3-rbd-12.2.8-22.oe1.x86_64.rpm libcephfs2-12.2.8-22.oe1.x86_64.rpm ceph-mds-12.2.8-22.oe1.x86_64.rpm python3-rados-12.2.8-22.oe1.x86_64.rpm python3-cephfs-12.2.8-22.oe1.x86_64.rpm ceph-radosgw-12.2.8-22.oe1.x86_64.rpm ceph-osd-12.2.8-22.oe1.x86_64.rpm python3-rgw-12.2.8-22.oe1.x86_64.rpm python-cephfs-12.2.8-22.oe1.x86_64.rpm ceph-test-12.2.8-22.oe1.x86_64.rpm ceph-base-12.2.8-22.oe1.x86_64.rpm libradosstriper-devel-12.2.8-22.oe1.x86_64.rpm libradosstriper1-12.2.8-22.oe1.x86_64.rpm rbd-fuse-12.2.8-22.oe1.x86_64.rpm ceph-common-12.2.8-22.oe1.x86_64.rpm ceph-debugsource-12.2.8-22.oe1.x86_64.rpm librbd1-12.2.8-22.oe1.x86_64.rpm librados2-12.2.8-22.oe1.x86_64.rpm python-rbd-12.2.8-22.oe1.x86_64.rpm python-ceph-compat-12.2.8-22.oe1.x86_64.rpm ceph-fuse-12.2.8-22.oe1.x86_64.rpm libcephfs-devel-12.2.8-22.oe1.x86_64.rpm python-rgw-12.2.8-22.oe1.x86_64.rpm python3-ceph-argparse-12.2.8-22.oe1.x86_64.rpm ceph-mon-12.2.8-22.oe1.x86_64.rpm rbd-mirror-12.2.8-22.oe1.x86_64.rpm ceph-resource-agents-12.2.8-22.oe1.x86_64.rpm rbd-nbd-12.2.8-22.oe1.x86_64.rpm ceph-12.2.8-22.oe1.x86_64.rpm librbd-devel-12.2.8-22.oe1.x86_64.rpm librgw2-12.2.8-22.oe1.x86_64.rpm python-rados-12.2.8-22.oe1.x86_64.rpm 
ceph-selinux-12.2.8-22.oe1.x86_64.rpm ceph-debuginfo-12.2.8-22.oe1.x86_64.rpm librados-devel-12.2.8-22.oe1.x86_64.rpm librgw-devel-12.2.8-22.oe1.x86_64.rpm rados-objclass-devel-12.2.8-22.oe1.x86_64.rpm

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

2022-06-17 CVE-2021-20288 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 High 7.2 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N ceph security update 2022-06-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1715