
Red Hat Security Advisory 2019-0911-01

Posted May 1, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0911-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-19039
MD5 | 444899664506442d78eac488fe8d1d45

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Ceph Storage 3.2 security, bug fix, and enhancement update
Advisory ID: RHSA-2019:0911-01
Product: Red Hat Ceph Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0911
Issue date: 2019-04-30
CVE Names: CVE-2018-19039
=====================================================================

1. Summary:

An update is now available for Red Hat Ceph Storage 3.2.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ceph Storage 3.2 MON - ppc64le, x86_64
Red Hat Ceph Storage 3.2 OSD - ppc64le, x86_64
Red Hat Ceph Storage 3.2 Tools - noarch, ppc64le, x86_64

3. Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform
that combines the most stable version of the Ceph storage system with a
Ceph management platform, deployment utilities, and support services.

Security Fix(es):

* grafana: File exfiltration (CVE-2018-19039)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es) and Enhancement(s)

For detailed information on changes in this release, see the Red Hat Ceph
Storage 3.2 Release Notes available at:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3.2/html/release_notes/index

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1506782 - osd_scrub_auto_repair not working as expected
1540881 - [CEE/SD] monitor_interface with "-" in the name fails with "msg": "'dict object' has no attribute u'ansible_bond-monitor-interface'"
1593110 - Ceph mgr daemon crashing after starting balancer module in automatic mode
1600138 - [Bluestore]: one of the osds flapped multiple times with 1525: FAILED assert(0 == "bluefs enospc")
1636251 - ceph-keys fails if RHEL is configured in FIPS mode
1638092 - Default crush rule is not enforced
1639833 - [RFE] Enabling CRUSH device classes should not incur data movement in the cluster
1648168 - ceph-validate : devices are not validated in non-collocated and lvm_batch scenario
1649697 - CVE-2018-19039 grafana: File exfiltration
1653307 - [ceph-ansible] - lvms not removed while purging cluster
1656935 - ceph-ansible: purge-cluster.yml fails when initiated second time
1660962 - rgw does not support delimiter as a string it only supports a single character [consulting]
1664869 - [RFE] Support configuring multiple RGW endpoints in ceph-ansible for RGW multisite
1666407 - MDS may hang at startup if PurgeQueue metadata objects are damaged
1666408 - ceph-fuse may miss reconnect during MDS switch
1666409 - MDS should allow configuration of heartbeat timeout
1668050 - [RFE] RGW OPA authorization tech preview
1668362 - Verify PG recovery control / 3 line items from BB spreadsheet
1669901 - [RFE] Implement mechanism and command to change/reset bucket objects owner / RGW bucket chown
1670165 - Bucket lifecycle: bucket is not getting added to lc list when`'NoncurrentVersionExpiration': {'NoncurrentDays': 2}` is set
1670321 - [GSS] Downloads are corrupted when using RGW with civetweb as frontend
1670663 - [Ceph-Ansible][ceph-containers] Add new OSD node to the existing ceph cluster is failing with '--limit osds' option
1672333 - Optimize MDS stale cap revoke behavior
1672878 - [Ceph-Ansible][ceph-containers] Missing permission for MDS in client.admin
1673687 - Failure creating ceph.conf for mon - No first item, sequence was empty.
1674549 - [cee/sd][ceph-mgr] luminous: deadlock in standby ceph-mgr daemons
1678470 - BlueStore OSD crashes in _do_read - BlueStore::_do_read
1679263 - radosgw-admin bucket limit check stuck generating high read ops with > 999 buckets per user [Consulting]
1680171 - containerized radosgw requires higher --cpu-quota as default
1683997 - permissions in /var/lib/ceph/mon aren't set properly
1684146 - Ability to start ceph daemons with numactl
1684283 - Ceph Containers SSL support - Daemons like RGW when using rgw-multisite causing an issue in communication and sync stuck
1684289 - Testing RGW Multi-site SSL support
1684435 - Bucket lifecycle: Current version of the object does not get deleted for Tag based filters.
1684642 - [RFE] rgw-multisite: add perf counters to data sync
1685733 - MDS may abort when handling deleted file
1685735 - Monitors will assign standby-replay to degraded ranks
1687038 - os/filestore: ceph_abort() on fsync(2) or fdatasync(2) failure
1687039 - osd/PG.cc: account for missing set irrespective of last_complete
1687041 - mon/OSDMonitor: do not populate void pg_temp into nextmap
1687567 - rgw: use of PK11_ImportSymKey implies non-FIPS-compliant key management workflow (blocks FIPS)
1687828 - [cee/sd][ceph-ansible] rolling-update.yml does not restart nvme osds running in containers
1688330 - Request for backport for fixed issue https://tracker.ceph.com/issues/21533
1688378 - ops waiting for resharding to complete may not be able to complete when resharding does complete
1688541 - command `radosgw-admin bi put` not rightly set the mtime
1688869 - rgw: Lifecyle: handle resharded buckets
1689266 - rgw: unordered bucket listing markers do not handle adorned object names correctly
1689410 - s3cmd info not working on Ceph 3.2 (cors policies) giving 500 (Internal Server Error)
1690941 - Some multipart uploads with SSE-C are corrupted
1692555 - 'radosgw-admin sync status' does not show timestamps for master zone
1693445 - rgw-multisite sync stuck recovering shard in already deleted versioned bucket
1695174 - rgw: fix eval bucket policies and perms permissions for non-existent objects
1699478 - rgw-multisite: log trimming does not make progress unless zones 'sync_from_all'
1701970 - Inefficient unordered bucket listing
1702311 - [cee/sd][ceph-ansible] shink-osd.yml is failing due to missing osd_fsid in " ceph --cluster ceph osd find 0" output

6. Package List:

Red Hat Ceph Storage 3.2 MON:

Source:
ceph-12.2.8-128.el7cp.src.rpm

ppc64le:
ceph-base-12.2.8-128.el7cp.ppc64le.rpm
ceph-common-12.2.8-128.el7cp.ppc64le.rpm
ceph-debuginfo-12.2.8-128.el7cp.ppc64le.rpm
ceph-mgr-12.2.8-128.el7cp.ppc64le.rpm
ceph-mon-12.2.8-128.el7cp.ppc64le.rpm
ceph-selinux-12.2.8-128.el7cp.ppc64le.rpm
libcephfs-devel-12.2.8-128.el7cp.ppc64le.rpm
libcephfs2-12.2.8-128.el7cp.ppc64le.rpm
librados-devel-12.2.8-128.el7cp.ppc64le.rpm
librados2-12.2.8-128.el7cp.ppc64le.rpm
libradosstriper1-12.2.8-128.el7cp.ppc64le.rpm
librbd-devel-12.2.8-128.el7cp.ppc64le.rpm
librbd1-12.2.8-128.el7cp.ppc64le.rpm
librgw-devel-12.2.8-128.el7cp.ppc64le.rpm
librgw2-12.2.8-128.el7cp.ppc64le.rpm
python-cephfs-12.2.8-128.el7cp.ppc64le.rpm
python-rados-12.2.8-128.el7cp.ppc64le.rpm
python-rbd-12.2.8-128.el7cp.ppc64le.rpm
python-rgw-12.2.8-128.el7cp.ppc64le.rpm

x86_64:
ceph-base-12.2.8-128.el7cp.x86_64.rpm
ceph-common-12.2.8-128.el7cp.x86_64.rpm
ceph-debuginfo-12.2.8-128.el7cp.x86_64.rpm
ceph-mgr-12.2.8-128.el7cp.x86_64.rpm
ceph-mon-12.2.8-128.el7cp.x86_64.rpm
ceph-selinux-12.2.8-128.el7cp.x86_64.rpm
ceph-test-12.2.8-128.el7cp.x86_64.rpm
libcephfs-devel-12.2.8-128.el7cp.x86_64.rpm
libcephfs2-12.2.8-128.el7cp.x86_64.rpm
librados-devel-12.2.8-128.el7cp.x86_64.rpm
librados2-12.2.8-128.el7cp.x86_64.rpm
libradosstriper1-12.2.8-128.el7cp.x86_64.rpm
librbd-devel-12.2.8-128.el7cp.x86_64.rpm
librbd1-12.2.8-128.el7cp.x86_64.rpm
librgw-devel-12.2.8-128.el7cp.x86_64.rpm
librgw2-12.2.8-128.el7cp.x86_64.rpm
python-cephfs-12.2.8-128.el7cp.x86_64.rpm
python-rados-12.2.8-128.el7cp.x86_64.rpm
python-rbd-12.2.8-128.el7cp.x86_64.rpm
python-rgw-12.2.8-128.el7cp.x86_64.rpm

Red Hat Ceph Storage 3.2 OSD:

Source:
ceph-12.2.8-128.el7cp.src.rpm

ppc64le:
ceph-base-12.2.8-128.el7cp.ppc64le.rpm
ceph-common-12.2.8-128.el7cp.ppc64le.rpm
ceph-debuginfo-12.2.8-128.el7cp.ppc64le.rpm
ceph-osd-12.2.8-128.el7cp.ppc64le.rpm
ceph-selinux-12.2.8-128.el7cp.ppc64le.rpm
libcephfs-devel-12.2.8-128.el7cp.ppc64le.rpm
libcephfs2-12.2.8-128.el7cp.ppc64le.rpm
librados-devel-12.2.8-128.el7cp.ppc64le.rpm
librados2-12.2.8-128.el7cp.ppc64le.rpm
libradosstriper1-12.2.8-128.el7cp.ppc64le.rpm
librbd-devel-12.2.8-128.el7cp.ppc64le.rpm
librbd1-12.2.8-128.el7cp.ppc64le.rpm
librgw-devel-12.2.8-128.el7cp.ppc64le.rpm
librgw2-12.2.8-128.el7cp.ppc64le.rpm
python-cephfs-12.2.8-128.el7cp.ppc64le.rpm
python-rados-12.2.8-128.el7cp.ppc64le.rpm
python-rbd-12.2.8-128.el7cp.ppc64le.rpm
python-rgw-12.2.8-128.el7cp.ppc64le.rpm

x86_64:
ceph-base-12.2.8-128.el7cp.x86_64.rpm
ceph-common-12.2.8-128.el7cp.x86_64.rpm
ceph-debuginfo-12.2.8-128.el7cp.x86_64.rpm
ceph-osd-12.2.8-128.el7cp.x86_64.rpm
ceph-selinux-12.2.8-128.el7cp.x86_64.rpm
ceph-test-12.2.8-128.el7cp.x86_64.rpm
libcephfs-devel-12.2.8-128.el7cp.x86_64.rpm
libcephfs2-12.2.8-128.el7cp.x86_64.rpm
librados-devel-12.2.8-128.el7cp.x86_64.rpm
librados2-12.2.8-128.el7cp.x86_64.rpm
libradosstriper1-12.2.8-128.el7cp.x86_64.rpm
librbd-devel-12.2.8-128.el7cp.x86_64.rpm
librbd1-12.2.8-128.el7cp.x86_64.rpm
librgw-devel-12.2.8-128.el7cp.x86_64.rpm
librgw2-12.2.8-128.el7cp.x86_64.rpm
python-cephfs-12.2.8-128.el7cp.x86_64.rpm
python-rados-12.2.8-128.el7cp.x86_64.rpm
python-rbd-12.2.8-128.el7cp.x86_64.rpm
python-rgw-12.2.8-128.el7cp.x86_64.rpm

Red Hat Ceph Storage 3.2 Tools:

Source:
ceph-12.2.8-128.el7cp.src.rpm
ceph-ansible-3.2.15-1.el7cp.src.rpm
grafana-5.2.4-2.el7cp.src.rpm

noarch:
ceph-ansible-3.2.15-1.el7cp.noarch.rpm

ppc64le:
ceph-base-12.2.8-128.el7cp.ppc64le.rpm
ceph-common-12.2.8-128.el7cp.ppc64le.rpm
ceph-debuginfo-12.2.8-128.el7cp.ppc64le.rpm
ceph-fuse-12.2.8-128.el7cp.ppc64le.rpm
ceph-mds-12.2.8-128.el7cp.ppc64le.rpm
ceph-radosgw-12.2.8-128.el7cp.ppc64le.rpm
ceph-selinux-12.2.8-128.el7cp.ppc64le.rpm
libcephfs-devel-12.2.8-128.el7cp.ppc64le.rpm
libcephfs2-12.2.8-128.el7cp.ppc64le.rpm
librados-devel-12.2.8-128.el7cp.ppc64le.rpm
librados2-12.2.8-128.el7cp.ppc64le.rpm
libradosstriper1-12.2.8-128.el7cp.ppc64le.rpm
librbd-devel-12.2.8-128.el7cp.ppc64le.rpm
librbd1-12.2.8-128.el7cp.ppc64le.rpm
librgw-devel-12.2.8-128.el7cp.ppc64le.rpm
librgw2-12.2.8-128.el7cp.ppc64le.rpm
python-cephfs-12.2.8-128.el7cp.ppc64le.rpm
python-rados-12.2.8-128.el7cp.ppc64le.rpm
python-rbd-12.2.8-128.el7cp.ppc64le.rpm
python-rgw-12.2.8-128.el7cp.ppc64le.rpm
rbd-mirror-12.2.8-128.el7cp.ppc64le.rpm

x86_64:
ceph-base-12.2.8-128.el7cp.x86_64.rpm
ceph-common-12.2.8-128.el7cp.x86_64.rpm
ceph-debuginfo-12.2.8-128.el7cp.x86_64.rpm
ceph-fuse-12.2.8-128.el7cp.x86_64.rpm
ceph-mds-12.2.8-128.el7cp.x86_64.rpm
ceph-radosgw-12.2.8-128.el7cp.x86_64.rpm
ceph-selinux-12.2.8-128.el7cp.x86_64.rpm
grafana-5.2.4-2.el7cp.x86_64.rpm
libcephfs-devel-12.2.8-128.el7cp.x86_64.rpm
libcephfs2-12.2.8-128.el7cp.x86_64.rpm
librados-devel-12.2.8-128.el7cp.x86_64.rpm
librados2-12.2.8-128.el7cp.x86_64.rpm
libradosstriper1-12.2.8-128.el7cp.x86_64.rpm
librbd-devel-12.2.8-128.el7cp.x86_64.rpm
librbd1-12.2.8-128.el7cp.x86_64.rpm
librgw-devel-12.2.8-128.el7cp.x86_64.rpm
librgw2-12.2.8-128.el7cp.x86_64.rpm
python-cephfs-12.2.8-128.el7cp.x86_64.rpm
python-rados-12.2.8-128.el7cp.x86_64.rpm
python-rbd-12.2.8-128.el7cp.x86_64.rpm
python-rgw-12.2.8-128.el7cp.x86_64.rpm
rbd-mirror-12.2.8-128.el7cp.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-19039
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3.2/html/release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
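
Added example (not part of the Red Hat advisory): a check of installed package builds against the fixed builds in the package list above, using RPM-style segment comparison so that 3.2.4 sorts below 3.2.15. The inventory is constructed sample data; epochs are assumed to be 0 and rpm's tilde/caret rules are left out.

```python
import re

# Fixed builds taken from the advisory's package list (name -> version-release).
FIXED = {
    "grafana": "5.2.4-2.el7cp",
    "ceph-common": "12.2.8-128.el7cp",
    "ceph-ansible": "3.2.15-1.el7cp",
}

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp returning -1, 0 or 1 (no tilde/caret handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(installed, fixed):
    # Split "version-release" on the last hyphen; version decides, then release.
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)

def audit(installed):
    """Map each advisory package present in `installed` to its patch status."""
    report = {}
    for name, fixed_vr in FIXED.items():
        if name in installed:
            ok = compare_vr(installed[name], fixed_vr) >= 0
            report[name] = "fixed" if ok else "needs update"
    return report

# Constructed inventory, shaped like the output of:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' grafana ceph-common ceph-ansible
SAMPLE = {
    "grafana": "5.2.4-1.el7cp",
    "ceph-common": "12.2.8-128.el7cp",
    "ceph-ansible": "3.2.4-1.el7cp",
}

if __name__ == "__main__":
    for pkg, status in audit(SAMPLE).items():
        print(pkg, SAMPLE[pkg], status)
```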
