RHSA-2024:4118

Description

Red Hat Security Advisory: Red Hat Ceph Storage 5.3 security, bug fix, and enhancement update

CVSS Metrics

• v3.1•HIGH•Score: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•ceph

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-ansible

  < 0:6.0.28.8-1.el8cp

• redhat•ceph-base

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-base-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-common

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-common-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-debugsource

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-fuse

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-fuse-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-grafana-dashboards

  < 2:16.2.10-266.el8cp

• redhat•ceph-immutable-object-cache

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-immutable-object-cache-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-mds

  < 2:16.2.10-266.el8cp

• redhat•ceph-mds-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-mgr

  < 2:16.2.10-266.el8cp

• redhat•ceph-mgr-cephadm

  < 2:16.2.10-266.el8cp

• redhat•ceph-mgr-dashboard

  < 2:16.2.10-266.el8cp

• redhat•ceph-mgr-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-mgr-diskprediction-local

  < 2:16.2.10-266.el8cp

• redhat•ceph-mgr-k8sevents

  < 2:16.2.10-266.el8cp

• redhat•ceph-mgr-modules-core

  < 2:16.2.10-266.el8cp

• redhat•ceph-mgr-rook

  < 2:16.2.10-266.el8cp

• redhat•ceph-mib

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-mon

  < 2:16.2.10-266.el8cp

• redhat•ceph-mon-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-osd

  < 2:16.2.10-266.el8cp

• redhat•ceph-osd-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-prometheus-alerts

  < 2:16.2.10-266.el8cp

• redhat•ceph-radosgw

  < 2:16.2.10-266.el8cp

• redhat•ceph-radosgw-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-resource-agents

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-selinux

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•ceph-test

  < 2:16.2.10-266.el8cp

• redhat•ceph-test-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•cephadm

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•cephfs-mirror

  < 2:16.2.10-266.el8cp

• redhat•cephfs-mirror-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•cephfs-top

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•libcephfs-devel

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•libcephfs2

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•libcephfs2-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•libcephsqlite

  < 2:16.2.10-266.el8cp

• redhat•libcephsqlite-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•librados-devel

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•librados-devel-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•librados2

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•librados2-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•libradospp-devel

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•libradosstriper1

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

• redhat•libradosstriper1-debuginfo

  < 2:16.2.10-266.el8cp | < 2:16.2.10-266.el9cp

Showing first 50 affected entries in server-rendered view.

References (31)

• https://access.redhat.com/errata/RHSA-2024:4118
• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
• https://access.redhat.com/security/cve/CVE-2023-39325
• https://access.redhat.com/security/cve/CVE-2023-45142
• https://access.redhat.com/security/cve/CVE-2023-49569
• https://bugzilla.redhat.com/show_bug.cgi?id=2243296
• https://bugzilla.redhat.com/show_bug.cgi?id=2245180
• https://bugzilla.redhat.com/show_bug.cgi?id=2257733
• https://bugzilla.redhat.com/show_bug.cgi?id=2258143
• https://bugzilla.redhat.com/show_bug.cgi?id=2259054
• https://bugzilla.redhat.com/show_bug.cgi?id=2260356
• https://bugzilla.redhat.com/show_bug.cgi?id=2264991
• https://bugzilla.redhat.com/show_bug.cgi?id=2279946
• https://bugzilla.redhat.com/show_bug.cgi?id=2281592
• https://bugzilla.redhat.com/show_bug.cgi?id=2291136
• https://bugzilla.redhat.com/show_bug.cgi?id=2292323
• https://bugzilla.redhat.com/show_bug.cgi?id=2292327
• https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4118.json
• https://www.cve.org/CVERecord?id=CVE-2023-39325
• https://nvd.nist.gov/vuln/detail/CVE-2023-39325
• https://access.redhat.com/security/cve/CVE-2023-44487
• https://go.dev/issue/63417
• https://pkg.go.dev/vuln/GO-2023-2102
• https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
• https://www.cve.org/CVERecord?id=CVE-2023-45142
• https://nvd.nist.gov/vuln/detail/CVE-2023-45142
• https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr
• https://www.cve.org/CVERecord?id=CVE-2023-49569
• https://nvd.nist.gov/vuln/detail/CVE-2023-49569
• https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88