-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Ceph Storage 3.3 Security and Bug Fix Update
Advisory ID:       RHSA-2021:1518-01
Product:           Red Hat Ceph Storage
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1518
Issue date:        2021-05-06
CVE Names:         CVE-2020-12059 CVE-2020-13379 CVE-2020-27781
                   CVE-2021-3139
=====================================================================

1. Summary:

An update is now available for Red Hat Ceph Storage 3.3 - Extended Life
Support on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ceph Storage 3 MON - ELS - ppc64le, x86_64
Red Hat Ceph Storage 3 OSD - ELS - ppc64le, x86_64
Red Hat Ceph Storage 3 Tools - ELS - noarch, ppc64le, x86_64

3. Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform
that combines the most stable version of the Ceph storage system with a
Ceph management platform, deployment utilities, and support services.

The ceph-ansible package provides Ansible playbooks for installing,
maintaining, and upgrading Red Hat Ceph Storage.

Grafana is an open source, feature rich metrics dashboard and graph editor
for Graphite, InfluxDB & OpenTSDB.

The tcmu-runner packages provide a service that handles the complexity of
the LIO kernel target's userspace passthrough interface (TCMU). It presents
a C plugin API for extension modules that handle SCSI requests in ways not
possible or suitable to be handled by LIO's in-kernel backstores.
Security Fix(es):

* grafana: SSRF incorrect access control vulnerability allows unauthenticated
users to make grafana send HTTP requests to any URL (CVE-2020-13379)

* ceph: User credentials can be manipulated and stolen by Native CephFS
consumers of OpenStack Manila (CVE-2020-27781)

* tcmu-runner: SCSI target (LIO) write to any block on LIO backstore
(CVE-2021-3139)

* ceph: specially crafted XML payload on POST requests leads to DoS by
crashing RGW (CVE-2020-12059)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

This advisory fixes the following bug:

* When rebooting OSDs, the `_OSD down_` tab in the `_CEPH Backend storage_`
dashboard shows the correct number of OSDs that are `down`. However, when all
OSDs are `up` again after the reboot, the tab continues to show the number of
`down` OSDs. With this update, the CLI and Grafana values match during OSD
up/down operations and work as expected. (BZ#1652233)

All users of Red Hat Ceph Storage are advised to upgrade to these updated
packages.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1650209 - [Ceph-Dashboard] Latency by Server report appears to be calculating the latency incorrectly.
1652233 - [ceph-metrics]'OSDs down' tab is not working properly in 'CEPH Backend storage' Dashboard
1827262 - CVE-2020-12059 ceph: specially crafted XML payload on POST requests leads to DoS by crashing RGW
1829821 - facing rgw error - "/builddir/build/BUILD/ceph-12.2.8/src/rgw/rgw_sync.cc: In function 'virtual int PurgePeriodLogsCR::operate()' thread 7efe125d1700 .. .../rgw_sync.cc: 2387: FAILED assert(cursor) "
1830329 - rgw_bucket_parse_bucket_key function is holding old tenant value, when this function is executed in a loop
1832372 - MDS may crash when evicting a client
1842390 - [GSS] cephmetrics grafana dashboard do not show disk IOPS/Throughput in RHCS 3.3
1843640 - CVE-2020-13379 grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL
1871035 - [Ceph-Ansible]: ceph-ansible (3.2) deployment fails on pool creation because of exceeding max pgs value
1876551 - [ceph-ansible] : cluster configuration failed in step force peer addition as potential bootstrap peer saying object has no attribute
1882724 - containerized daemons die on dockerd restarts
1887661 - [GSS][RGW] ERROR: remove_expired_obj (rchs3.3z6)
1894426 - [GSS][RHCS3]high num_objects count in rgw.none bucket stats output
1896392 - [ceph-ansible] [ceph-container] : switch from rpm to containerized - OSDs not coming up after the switch saying encrypted device still in use
1896448 - [ceph-ansible] : switch from rpm to containerized - set proper permission - './block': Permission denied
1900109 - CVE-2020-27781 ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila
1901897 - osd containers fail to start when sr0 device is detected but no media is inserted
1906293 - [GSS] addition of osd getting failed in containerized RHCS environment with osd_auto_discovery: true
1915070 - [RGW] RGW failed assert (idx < m_upper_bound) in perf_counters
1915078 - rgw: omnibus 3.3 bucket listing correctness and perf issues
1916045 - CVE-2021-3139 tcmu-runner: SCSI target (LIO) write to any block on LIO backstore
1947072 - [container]: Osds are not deployed in containerized RHCS environment with osd_auto_discovery: false
1948050 - Switch to container playbook fails on colocated scenarios for Ubuntu OS

6. Package List:

Red Hat Ceph Storage 3 MON - ELS:

Source:
ceph-12.2.12-139.el7cp.src.rpm

ppc64le:
ceph-base-12.2.12-139.el7cp.ppc64le.rpm
ceph-common-12.2.12-139.el7cp.ppc64le.rpm
ceph-debuginfo-12.2.12-139.el7cp.ppc64le.rpm
ceph-mgr-12.2.12-139.el7cp.ppc64le.rpm
ceph-mon-12.2.12-139.el7cp.ppc64le.rpm
ceph-selinux-12.2.12-139.el7cp.ppc64le.rpm
libcephfs-devel-12.2.12-139.el7cp.ppc64le.rpm
libcephfs2-12.2.12-139.el7cp.ppc64le.rpm
librados-devel-12.2.12-139.el7cp.ppc64le.rpm
librados2-12.2.12-139.el7cp.ppc64le.rpm
libradosstriper1-12.2.12-139.el7cp.ppc64le.rpm
librbd-devel-12.2.12-139.el7cp.ppc64le.rpm
librbd1-12.2.12-139.el7cp.ppc64le.rpm
librgw-devel-12.2.12-139.el7cp.ppc64le.rpm
librgw2-12.2.12-139.el7cp.ppc64le.rpm
python-cephfs-12.2.12-139.el7cp.ppc64le.rpm
python-rados-12.2.12-139.el7cp.ppc64le.rpm
python-rbd-12.2.12-139.el7cp.ppc64le.rpm
python-rgw-12.2.12-139.el7cp.ppc64le.rpm

x86_64:
ceph-base-12.2.12-139.el7cp.x86_64.rpm
ceph-common-12.2.12-139.el7cp.x86_64.rpm
ceph-debuginfo-12.2.12-139.el7cp.x86_64.rpm
ceph-mgr-12.2.12-139.el7cp.x86_64.rpm
ceph-mon-12.2.12-139.el7cp.x86_64.rpm
ceph-selinux-12.2.12-139.el7cp.x86_64.rpm
ceph-test-12.2.12-139.el7cp.x86_64.rpm
libcephfs-devel-12.2.12-139.el7cp.x86_64.rpm
libcephfs2-12.2.12-139.el7cp.x86_64.rpm
librados-devel-12.2.12-139.el7cp.x86_64.rpm
librados2-12.2.12-139.el7cp.x86_64.rpm
libradosstriper1-12.2.12-139.el7cp.x86_64.rpm
librbd-devel-12.2.12-139.el7cp.x86_64.rpm
librbd1-12.2.12-139.el7cp.x86_64.rpm
librgw-devel-12.2.12-139.el7cp.x86_64.rpm
librgw2-12.2.12-139.el7cp.x86_64.rpm
python-cephfs-12.2.12-139.el7cp.x86_64.rpm
python-rados-12.2.12-139.el7cp.x86_64.rpm
python-rbd-12.2.12-139.el7cp.x86_64.rpm
python-rgw-12.2.12-139.el7cp.x86_64.rpm

Red Hat Ceph Storage 3 OSD - ELS:

Source:
ceph-12.2.12-139.el7cp.src.rpm

ppc64le:
ceph-base-12.2.12-139.el7cp.ppc64le.rpm
ceph-common-12.2.12-139.el7cp.ppc64le.rpm
ceph-debuginfo-12.2.12-139.el7cp.ppc64le.rpm
ceph-osd-12.2.12-139.el7cp.ppc64le.rpm
ceph-selinux-12.2.12-139.el7cp.ppc64le.rpm
libcephfs-devel-12.2.12-139.el7cp.ppc64le.rpm
libcephfs2-12.2.12-139.el7cp.ppc64le.rpm
librados-devel-12.2.12-139.el7cp.ppc64le.rpm
librados2-12.2.12-139.el7cp.ppc64le.rpm
libradosstriper1-12.2.12-139.el7cp.ppc64le.rpm
librbd-devel-12.2.12-139.el7cp.ppc64le.rpm
librbd1-12.2.12-139.el7cp.ppc64le.rpm
librgw-devel-12.2.12-139.el7cp.ppc64le.rpm
librgw2-12.2.12-139.el7cp.ppc64le.rpm
python-cephfs-12.2.12-139.el7cp.ppc64le.rpm
python-rados-12.2.12-139.el7cp.ppc64le.rpm
python-rbd-12.2.12-139.el7cp.ppc64le.rpm
python-rgw-12.2.12-139.el7cp.ppc64le.rpm

x86_64:
ceph-base-12.2.12-139.el7cp.x86_64.rpm
ceph-common-12.2.12-139.el7cp.x86_64.rpm
ceph-debuginfo-12.2.12-139.el7cp.x86_64.rpm
ceph-osd-12.2.12-139.el7cp.x86_64.rpm
ceph-selinux-12.2.12-139.el7cp.x86_64.rpm
ceph-test-12.2.12-139.el7cp.x86_64.rpm
libcephfs-devel-12.2.12-139.el7cp.x86_64.rpm
libcephfs2-12.2.12-139.el7cp.x86_64.rpm
librados-devel-12.2.12-139.el7cp.x86_64.rpm
librados2-12.2.12-139.el7cp.x86_64.rpm
libradosstriper1-12.2.12-139.el7cp.x86_64.rpm
librbd-devel-12.2.12-139.el7cp.x86_64.rpm
librbd1-12.2.12-139.el7cp.x86_64.rpm
librgw-devel-12.2.12-139.el7cp.x86_64.rpm
librgw2-12.2.12-139.el7cp.x86_64.rpm
python-cephfs-12.2.12-139.el7cp.x86_64.rpm
python-rados-12.2.12-139.el7cp.x86_64.rpm
python-rbd-12.2.12-139.el7cp.x86_64.rpm
python-rgw-12.2.12-139.el7cp.x86_64.rpm

Red Hat Ceph Storage 3 Tools - ELS:

Source:
ceph-12.2.12-139.el7cp.src.rpm
ceph-ansible-3.2.56-1.el7cp.src.rpm
cephmetrics-2.0.10-1.el7cp.src.rpm
grafana-5.2.4-3.el7cp.src.rpm
tcmu-runner-1.4.0-3.el7cp.src.rpm

noarch:
ceph-ansible-3.2.56-1.el7cp.noarch.rpm

ppc64le:
ceph-base-12.2.12-139.el7cp.ppc64le.rpm
ceph-common-12.2.12-139.el7cp.ppc64le.rpm
ceph-debuginfo-12.2.12-139.el7cp.ppc64le.rpm
ceph-fuse-12.2.12-139.el7cp.ppc64le.rpm
ceph-mds-12.2.12-139.el7cp.ppc64le.rpm
ceph-radosgw-12.2.12-139.el7cp.ppc64le.rpm
ceph-selinux-12.2.12-139.el7cp.ppc64le.rpm
libcephfs-devel-12.2.12-139.el7cp.ppc64le.rpm
libcephfs2-12.2.12-139.el7cp.ppc64le.rpm
librados-devel-12.2.12-139.el7cp.ppc64le.rpm
librados2-12.2.12-139.el7cp.ppc64le.rpm
libradosstriper1-12.2.12-139.el7cp.ppc64le.rpm
librbd-devel-12.2.12-139.el7cp.ppc64le.rpm
librbd1-12.2.12-139.el7cp.ppc64le.rpm
librgw-devel-12.2.12-139.el7cp.ppc64le.rpm
librgw2-12.2.12-139.el7cp.ppc64le.rpm
python-cephfs-12.2.12-139.el7cp.ppc64le.rpm
python-rados-12.2.12-139.el7cp.ppc64le.rpm
python-rbd-12.2.12-139.el7cp.ppc64le.rpm
python-rgw-12.2.12-139.el7cp.ppc64le.rpm
rbd-mirror-12.2.12-139.el7cp.ppc64le.rpm
tcmu-runner-1.4.0-3.el7cp.ppc64le.rpm
tcmu-runner-debuginfo-1.4.0-3.el7cp.ppc64le.rpm

x86_64:
ceph-base-12.2.12-139.el7cp.x86_64.rpm
ceph-common-12.2.12-139.el7cp.x86_64.rpm
ceph-debuginfo-12.2.12-139.el7cp.x86_64.rpm
ceph-fuse-12.2.12-139.el7cp.x86_64.rpm
ceph-mds-12.2.12-139.el7cp.x86_64.rpm
ceph-radosgw-12.2.12-139.el7cp.x86_64.rpm
ceph-selinux-12.2.12-139.el7cp.x86_64.rpm
cephmetrics-ansible-2.0.10-1.el7cp.x86_64.rpm
grafana-5.2.4-3.el7cp.x86_64.rpm
libcephfs-devel-12.2.12-139.el7cp.x86_64.rpm
libcephfs2-12.2.12-139.el7cp.x86_64.rpm
librados-devel-12.2.12-139.el7cp.x86_64.rpm
librados2-12.2.12-139.el7cp.x86_64.rpm
libradosstriper1-12.2.12-139.el7cp.x86_64.rpm
librbd-devel-12.2.12-139.el7cp.x86_64.rpm
librbd1-12.2.12-139.el7cp.x86_64.rpm
librgw-devel-12.2.12-139.el7cp.x86_64.rpm
librgw2-12.2.12-139.el7cp.x86_64.rpm
python-cephfs-12.2.12-139.el7cp.x86_64.rpm
python-rados-12.2.12-139.el7cp.x86_64.rpm
python-rbd-12.2.12-139.el7cp.x86_64.rpm
python-rgw-12.2.12-139.el7cp.x86_64.rpm
rbd-mirror-12.2.12-139.el7cp.x86_64.rpm
tcmu-runner-1.4.0-3.el7cp.x86_64.rpm
tcmu-runner-debuginfo-1.4.0-3.el7cp.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12059
https://access.redhat.com/security/cve/CVE-2020-13379
https://access.redhat.com/security/cve/CVE-2020-27781
https://access.redhat.com/security/cve/CVE-2021-3139
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYJQ2q9zjgjWX9erEAQjeZhAAn/0T7zB6gRsmvkHdDTJBVDWIptQjYzej
G+12WhGags6+YKMsLDls8QnSgPTOt+SGPuyeiPnHQKDjz5urbkXmXJT8PfDt6AcO
urWqOeubNPJAR/yllMM54JNbcjooeHqEVjP4fI2JaUurn9Jz4OKeUJyf58jRPMu8
7FxCr1gANbOM4npigZ0WbJR7tMnSI4vsag9OU+3VWwwb63JgUPmUCgo2Q1lSclPB
vAntnKqaFSA+adJ8Cy4mwG1vSrULLLNpSvEAFwunmMT0u5k8cJCHdOTybsu3/XJ2
/U2k9GgL+J5s+AXcfTCQ7PU7GFsnL2zjMrrbVVLLRb+xVVUt27TRAPU5y8Sx3Dg8
sbhhi/K9SF6b9eiapmhBcVo6MmB+vOtBHbzzeFddT9Q9eI5soy+tO20VKkpOr5HJ
yJ/tX8h4XEdwBmtvVfMB8u+YZdPIKGPkS/T/kMrsTfEpiA7bZzQLud1qjaXJ8QfK
F/+3UpPjWS2l5v0JM+iccJgj8OgOWTSOqUCrFBnWiprml4YDgtlF5i2ciQ2rsf9W
GT+L2PlIsUqa8dSs6gBXc/1Hyd3KEoz2efhap0nKyI35PWTwDzkHtDPEF1VviI+s
qYEjiJG6u0I5omT77zfmV6ClBUYKnA4NaYd1dLmV/DWTlNZqVTDxdAmpcMXWeISF
5BkJLxojVFw=
=nO1M
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
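The solution section points at Red Hat's generic update instructions, and the package list gives the fixed build for every affected RPM. A practitioner auditing a fleet wants to turn that list into a pass/fail check against what `rpm -qa` reports on each node. The script below is an added example, not Red Hat tooling and not part of the advisory: `rpmvercmp()` is a Python port of the segment-by-segment ordering rpm uses (digit runs compared numerically, letter runs lexically, `~` sorting before the end of a version and `^` after it), `parse_nvra()` splits the advisory's file names, and `audit()` compares a captured listing against them. The `ADVISORY_FILES` subset is copied from section 6 above; the `SAMPLE_RPM_QA` listing is constructed for the example and its older build numbers (124, 2) are invented to exercise the "still vulnerable" branch. Epochs are an assumption here: the advisory's file names carry none, so only version and release are compared.

```python
"""Audit installed RPMs against the fixed builds listed in RHSA-2021:1518.

Added illustration, not Red Hat tooling. Feed audit() the output of
    rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
which has exactly the name-version-release.arch shape assumed here.
"""
import re

# Subset of the x86_64/noarch file names from section 6 of the advisory.
ADVISORY_FILES = [
    "ceph-12.2.12-139.el7cp.src.rpm",
    "ceph-base-12.2.12-139.el7cp.x86_64.rpm",
    "ceph-common-12.2.12-139.el7cp.x86_64.rpm",
    "ceph-radosgw-12.2.12-139.el7cp.x86_64.rpm",
    "ceph-ansible-3.2.56-1.el7cp.noarch.rpm",
    "grafana-5.2.4-3.el7cp.x86_64.rpm",
    "tcmu-runner-1.4.0-3.el7cp.x86_64.rpm",
]

# Constructed `rpm -qa` listing for a partly patched host (not a real node);
# the releases 124 and 2 are invented so the "too old" branch is exercised.
SAMPLE_RPM_QA = """\
ceph-base-12.2.12-124.el7cp.x86_64
ceph-common-12.2.12-139.el7cp.x86_64
ceph-radosgw-12.2.12-139.el7cp.x86_64
ceph-ansible-3.2.57-1.el7cp.noarch
grafana-5.2.4-2.el7cp.x86_64
tcmu-runner-1.4.0-3.el7cp.x86_64
kernel-3.10.0-1160.el7.x86_64
gpg-pubkey-fd431d51-4ae0493b
"""

_SEG = re.compile(r"[0-9]+|[A-Za-z]+|[~^]")


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b.

    A version is split into maximal digit runs, letter runs and the markers
    '~' (pre-release: sorts before the end of the string) and '^' (post-
    release: sorts after the end but before any real segment). Any other
    character is a separator and is ignored.
    """
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    i = 0
    while i < len(sa) or i < len(sb):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            i += 1
            continue
        if x == "^" or y == "^":
            if x is None:
                return -1
            if y is None:
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
            i += 1
            continue
        if x is None or y is None:
            break
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segments beat alpha ones
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
        i += 1
    if i >= len(sa) and i >= len(sb):
        return 0
    return -1 if i >= len(sa) else 1  # whichever side has segments left wins


def parse_nvra(pkg: str):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    rest, arch = pkg.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch


def vr_cmp(installed, fixed) -> int:
    """Order two (version, release) pairs the way rpm does: version first."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c else rpmvercmp(installed[1], fixed[1])


def audit(rpm_qa_output: str, advisory_files):
    """Map each installed package the advisory ships to True (at or beyond the
    fixed build) or False (older, still exposed). Untracked packages are skipped."""
    fixed = {}
    for f in advisory_files:
        name, version, release, arch = parse_nvra(f)
        if arch != "src":  # the .src.rpm has no installed counterpart
            fixed[name] = (version, release)
    status = {}
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line or line.startswith("gpg-pubkey"):  # imported keys, not packages
            continue
        name, version, release, _arch = parse_nvra(line)
        if name in fixed:
            status[name] = vr_cmp((version, release), fixed[name]) >= 0
    return status


if __name__ == "__main__":
    for pkg, ok in sorted(audit(SAMPLE_RPM_QA, ADVISORY_FILES).items()):
        print(f"{'ok       ' if ok else 'NEEDS FIX'} {pkg}")
```

A newer build than the advisory lists (the constructed `ceph-ansible-3.2.57-1` line) passes, since later errata supersede this one. On a subscribed RHEL 7 host the same question can be asked of yum directly with `yum updateinfo info RHSA-2021:1518`, and downloaded packages should be checked against the Red Hat key from the URL above with `rpm --checksig` before installation.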