An update for ceph is now available for openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-2125 Final 1.0 1.0 2022-12-02 Initial 2022-12-02 2022-12-02 openEuler SA Tool V1.0 2022-12-02 ceph security update An update for ceph is now available for openEuler-22.03-LTS. Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fix(es): A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.(CVE-2022-0670) An update for ceph is now available for openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical ceph https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2125 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0670 https://nvd.nist.gov/vuln/detail/CVE-2022-0670 openEuler-22.03-LTS libcephsqlite-16.2.7-10.oe2203.aarch64.rpm ceph-radosgw-16.2.7-10.oe2203.aarch64.rpm ceph-osd-16.2.7-10.oe2203.aarch64.rpm ceph-immutable-object-cache-16.2.7-10.oe2203.aarch64.rpm python3-rados-16.2.7-10.oe2203.aarch64.rpm librados-devel-16.2.7-10.oe2203.aarch64.rpm rbd-nbd-16.2.7-10.oe2203.aarch64.rpm ceph-debugsource-16.2.7-10.oe2203.aarch64.rpm ceph-test-16.2.7-10.oe2203.aarch64.rpm ceph-mon-16.2.7-10.oe2203.aarch64.rpm librgw-devel-16.2.7-10.oe2203.aarch64.rpm ceph-16.2.7-10.oe2203.aarch64.rpm ceph-base-16.2.7-10.oe2203.aarch64.rpm python3-rbd-16.2.7-10.oe2203.aarch64.rpm ceph-fuse-16.2.7-10.oe2203.aarch64.rpm rbd-fuse-16.2.7-10.oe2203.aarch64.rpm ceph-common-16.2.7-10.oe2203.aarch64.rpm ceph-resource-agents-16.2.7-10.oe2203.aarch64.rpm ceph-mgr-16.2.7-10.oe2203.aarch64.rpm librados2-16.2.7-10.oe2203.aarch64.rpm libcephfs-devel-16.2.7-10.oe2203.aarch64.rpm python3-rgw-16.2.7-10.oe2203.aarch64.rpm libradosstriper-devel-16.2.7-10.oe2203.aarch64.rpm python3-cephfs-16.2.7-10.oe2203.aarch64.rpm libcephfs2-16.2.7-10.oe2203.aarch64.rpm libradospp-devel-16.2.7-10.oe2203.aarch64.rpm ceph-selinux-16.2.7-10.oe2203.aarch64.rpm librbd-devel-16.2.7-10.oe2203.aarch64.rpm librgw2-16.2.7-10.oe2203.aarch64.rpm python3-ceph-common-16.2.7-10.oe2203.aarch64.rpm rbd-mirror-16.2.7-10.oe2203.aarch64.rpm cephfs-mirror-16.2.7-10.oe2203.aarch64.rpm rados-objclass-devel-16.2.7-10.oe2203.aarch64.rpm ceph-mds-16.2.7-10.oe2203.aarch64.rpm libcephsqlite-devel-16.2.7-10.oe2203.aarch64.rpm ceph-debuginfo-16.2.7-10.oe2203.aarch64.rpm python3-ceph-argparse-16.2.7-10.oe2203.aarch64.rpm libradosstriper1-16.2.7-10.oe2203.aarch64.rpm librbd1-16.2.7-10.oe2203.aarch64.rpm ceph-mgr-k8sevents-16.2.7-10.oe2203.noarch.rpm cephadm-16.2.7-10.oe2203.noarch.rpm ceph-prometheus-alerts-16.2.7-10.oe2203.noarch.rpm cephfs-top-16.2.7-10.oe2203.noarch.rpm ceph-mgr-dashboard-16.2.7-10.oe2203.noarch.rpm ceph-grafana-dashboards-16.2.7-10.oe2203.noarch.rpm ceph-mgr-rook-16.2.7-10.oe2203.noarch.rpm ceph-mgr-diskprediction-local-16.2.7-10.oe2203.noarch.rpm ceph-mgr-modules-core-16.2.7-10.oe2203.noarch.rpm ceph-mgr-cephadm-16.2.7-10.oe2203.noarch.rpm ceph-16.2.7-10.oe2203.src.rpm ceph-base-16.2.7-10.oe2203.x86_64.rpm ceph-debugsource-16.2.7-10.oe2203.x86_64.rpm librados2-16.2.7-10.oe2203.x86_64.rpm libcephfs-devel-16.2.7-10.oe2203.x86_64.rpm ceph-fuse-16.2.7-10.oe2203.x86_64.rpm ceph-osd-16.2.7-10.oe2203.x86_64.rpm ceph-radosgw-16.2.7-10.oe2203.x86_64.rpm python3-ceph-common-16.2.7-10.oe2203.x86_64.rpm python3-rgw-16.2.7-10.oe2203.x86_64.rpm librgw-devel-16.2.7-10.oe2203.x86_64.rpm rados-objclass-devel-16.2.7-10.oe2203.x86_64.rpm ceph-mgr-16.2.7-10.oe2203.x86_64.rpm python3-ceph-argparse-16.2.7-10.oe2203.x86_64.rpm libradosstriper1-16.2.7-10.oe2203.x86_64.rpm ceph-test-16.2.7-10.oe2203.x86_64.rpm python3-rados-16.2.7-10.oe2203.x86_64.rpm python3-cephfs-16.2.7-10.oe2203.x86_64.rpm ceph-debuginfo-16.2.7-10.oe2203.x86_64.rpm librgw2-16.2.7-10.oe2203.x86_64.rpm rbd-fuse-16.2.7-10.oe2203.x86_64.rpm librados-devel-16.2.7-10.oe2203.x86_64.rpm librbd1-16.2.7-10.oe2203.x86_64.rpm ceph-mon-16.2.7-10.oe2203.x86_64.rpm ceph-immutable-object-cache-16.2.7-10.oe2203.x86_64.rpm libcephfs2-16.2.7-10.oe2203.x86_64.rpm ceph-16.2.7-10.oe2203.x86_64.rpm rbd-nbd-16.2.7-10.oe2203.x86_64.rpm python3-rbd-16.2.7-10.oe2203.x86_64.rpm ceph-resource-agents-16.2.7-10.oe2203.x86_64.rpm ceph-common-16.2.7-10.oe2203.x86_64.rpm libcephsqlite-16.2.7-10.oe2203.x86_64.rpm ceph-mds-16.2.7-10.oe2203.x86_64.rpm libradosstriper-devel-16.2.7-10.oe2203.x86_64.rpm ceph-selinux-16.2.7-10.oe2203.x86_64.rpm librbd-devel-16.2.7-10.oe2203.x86_64.rpm rbd-mirror-16.2.7-10.oe2203.x86_64.rpm libradospp-devel-16.2.7-10.oe2203.x86_64.rpm libcephsqlite-devel-16.2.7-10.oe2203.x86_64.rpm cephfs-mirror-16.2.7-10.oe2203.x86_64.rpm A flaw was found in Openstack manilla owning a Ceph File system share , which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the volumes plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2. 2022-12-02 CVE-2022-0670 openEuler-22.03-LTS Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N ceph security update 2022-12-02 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2125