RHEL 8 / 9 : Red Hat Ceph Storage 5.3 security update and Bug Fix (Moderate) (RHSA-2023:0076)

high Nessus Plugin ID 169920

Synopsis

The remote Red Hat host is missing a security update for Red Hat Ceph Storage 5.3.

Description

The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0076 advisory.

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

Security Fix(es):

* Moment.js: Path traversal in moment.locale (CVE-2022-24785)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Bug Fix(es)

These new packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

All users of Red Hat Ceph Storage are advised to upgrade to these updated packages that provide numerous enhancements and bug fixes.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL Red Hat Ceph Storage 5.3 package based on the guidance in RHSA-2023:0076.

See Also

http://www.nessus.org/u?217807e4

http://www.nessus.org/u?5f91b2aa

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/errata/RHSA-2023:0076

https://bugzilla.redhat.com/show_bug.cgi?id=1749627

https://bugzilla.redhat.com/show_bug.cgi?id=1827519

https://bugzilla.redhat.com/show_bug.cgi?id=1905785

https://bugzilla.redhat.com/show_bug.cgi?id=1941668

https://bugzilla.redhat.com/show_bug.cgi?id=1957088

https://bugzilla.redhat.com/show_bug.cgi?id=1986826

https://bugzilla.redhat.com/show_bug.cgi?id=1989527

https://bugzilla.redhat.com/show_bug.cgi?id=2011686

https://bugzilla.redhat.com/show_bug.cgi?id=2014330

https://bugzilla.redhat.com/show_bug.cgi?id=2015028

https://bugzilla.redhat.com/show_bug.cgi?id=2017660

https://bugzilla.redhat.com/show_bug.cgi?id=2019870

https://bugzilla.redhat.com/show_bug.cgi?id=2021009

https://bugzilla.redhat.com/show_bug.cgi?id=2023164

https://bugzilla.redhat.com/show_bug.cgi?id=2023552

https://bugzilla.redhat.com/show_bug.cgi?id=2024308

https://bugzilla.redhat.com/show_bug.cgi?id=2025932

https://bugzilla.redhat.com/show_bug.cgi?id=2026101

https://bugzilla.redhat.com/show_bug.cgi?id=2026282

https://bugzilla.redhat.com/show_bug.cgi?id=2028220

https://bugzilla.redhat.com/show_bug.cgi?id=2037041

https://bugzilla.redhat.com/show_bug.cgi?id=2041692

https://bugzilla.redhat.com/show_bug.cgi?id=2042394

https://bugzilla.redhat.com/show_bug.cgi?id=2052516

https://bugzilla.redhat.com/show_bug.cgi?id=2052916

https://bugzilla.redhat.com/show_bug.cgi?id=2055137

https://bugzilla.redhat.com/show_bug.cgi?id=2062794

https://bugzilla.redhat.com/show_bug.cgi?id=2064481

https://bugzilla.redhat.com/show_bug.cgi?id=2066453

https://bugzilla.redhat.com/show_bug.cgi?id=2072009

https://bugzilla.redhat.com/show_bug.cgi?id=2072510

https://bugzilla.redhat.com/show_bug.cgi?id=2072690

https://bugzilla.redhat.com/show_bug.cgi?id=2075214

https://bugzilla.redhat.com/show_bug.cgi?id=2086441

https://bugzilla.redhat.com/show_bug.cgi?id=2086471

https://bugzilla.redhat.com/show_bug.cgi?id=2089220

https://bugzilla.redhat.com/show_bug.cgi?id=2091773

https://bugzilla.redhat.com/show_bug.cgi?id=2095062

https://bugzilla.redhat.com/show_bug.cgi?id=2095670

https://bugzilla.redhat.com/show_bug.cgi?id=2100553

https://bugzilla.redhat.com/show_bug.cgi?id=2100602

https://bugzilla.redhat.com/show_bug.cgi?id=2101807

https://bugzilla.redhat.com/show_bug.cgi?id=2102934

https://bugzilla.redhat.com/show_bug.cgi?id=2104835

https://bugzilla.redhat.com/show_bug.cgi?id=2105251

https://bugzilla.redhat.com/show_bug.cgi?id=2105309

https://bugzilla.redhat.com/show_bug.cgi?id=2105324

https://bugzilla.redhat.com/show_bug.cgi?id=2107405

https://bugzilla.redhat.com/show_bug.cgi?id=2108394

https://bugzilla.redhat.com/show_bug.cgi?id=2108707

https://bugzilla.redhat.com/show_bug.cgi?id=2108886

https://bugzilla.redhat.com/show_bug.cgi?id=2109256

https://bugzilla.redhat.com/show_bug.cgi?id=2109675

https://bugzilla.redhat.com/show_bug.cgi?id=2109886

https://bugzilla.redhat.com/show_bug.cgi?id=2109935

https://bugzilla.redhat.com/show_bug.cgi?id=2110008

https://bugzilla.redhat.com/show_bug.cgi?id=2110338

https://bugzilla.redhat.com/show_bug.cgi?id=2110865

https://bugzilla.redhat.com/show_bug.cgi?id=2111488

https://bugzilla.redhat.com/show_bug.cgi?id=2114607

https://bugzilla.redhat.com/show_bug.cgi?id=2117313

https://bugzilla.redhat.com/show_bug.cgi?id=2117672

https://bugzilla.redhat.com/show_bug.cgi?id=2118295

https://bugzilla.redhat.com/show_bug.cgi?id=2118798

https://bugzilla.redhat.com/show_bug.cgi?id=2119256

https://bugzilla.redhat.com/show_bug.cgi?id=2119449

https://bugzilla.redhat.com/show_bug.cgi?id=2119774

https://bugzilla.redhat.com/show_bug.cgi?id=2119853

https://bugzilla.redhat.com/show_bug.cgi?id=2120187

https://bugzilla.redhat.com/show_bug.cgi?id=2120262

https://bugzilla.redhat.com/show_bug.cgi?id=2121462

https://bugzilla.redhat.com/show_bug.cgi?id=2121489

https://bugzilla.redhat.com/show_bug.cgi?id=2121548

https://bugzilla.redhat.com/show_bug.cgi?id=2121673

https://bugzilla.redhat.com/show_bug.cgi?id=2122130

https://bugzilla.redhat.com/show_bug.cgi?id=2123335

https://bugzilla.redhat.com/show_bug.cgi?id=2123423

https://bugzilla.redhat.com/show_bug.cgi?id=2124423

https://bugzilla.redhat.com/show_bug.cgi?id=2126787

https://bugzilla.redhat.com/show_bug.cgi?id=2127319

https://bugzilla.redhat.com/show_bug.cgi?id=2128194

https://bugzilla.redhat.com/show_bug.cgi?id=2129718

https://bugzilla.redhat.com/show_bug.cgi?id=2130116

https://bugzilla.redhat.com/show_bug.cgi?id=2131932

https://bugzilla.redhat.com/show_bug.cgi?id=2132481

https://bugzilla.redhat.com/show_bug.cgi?id=2135334

https://bugzilla.redhat.com/show_bug.cgi?id=2136551

https://bugzilla.redhat.com/show_bug.cgi?id=2138791

https://bugzilla.redhat.com/show_bug.cgi?id=2139258

https://bugzilla.redhat.com/show_bug.cgi?id=2139422

https://bugzilla.redhat.com/show_bug.cgi?id=2140569

https://bugzilla.redhat.com/show_bug.cgi?id=2142141

https://bugzilla.redhat.com/show_bug.cgi?id=2142174

https://bugzilla.redhat.com/show_bug.cgi?id=2142674

https://bugzilla.redhat.com/show_bug.cgi?id=2143336

https://bugzilla.redhat.com/show_bug.cgi?id=2145022

https://bugzilla.redhat.com/show_bug.cgi?id=2149653

https://bugzilla.redhat.com/show_bug.cgi?id=2150968

https://bugzilla.redhat.com/show_bug.cgi?id=2153781

https://bugzilla.redhat.com/show_bug.cgi?id=2156705

Plugin Details

Severity: High

ID: 169920

File Name: redhat-RHSA-2023-0076.nasl

Version: 1.7

Type: local

Agent: unix

Published: 1/11/2023

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2022-24785

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ceph-mib, p-cpe:/a:redhat:enterprise_linux:python3-ceph-argparse, p-cpe:/a:redhat:enterprise_linux:librgw2, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-diskprediction-local, p-cpe:/a:redhat:enterprise_linux:cephfs-mirror, p-cpe:/a:redhat:enterprise_linux:libradospp-devel, p-cpe:/a:redhat:enterprise_linux:python3-ceph-common, p-cpe:/a:redhat:enterprise_linux:libradosstriper1, p-cpe:/a:redhat:enterprise_linux:ceph-osd, p-cpe:/a:redhat:enterprise_linux:ceph-mgr, p-cpe:/a:redhat:enterprise_linux:ceph-grafana-dashboards, p-cpe:/a:redhat:enterprise_linux:librgw-devel, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-k8sevents, p-cpe:/a:redhat:enterprise_linux:cephadm, p-cpe:/a:redhat:enterprise_linux:librados-devel, p-cpe:/a:redhat:enterprise_linux:librbd-devel, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:ceph-test, p-cpe:/a:redhat:enterprise_linux:python3-cephfs, p-cpe:/a:redhat:enterprise_linux:ceph-common, p-cpe:/a:redhat:enterprise_linux:ceph-prometheus-alerts, p-cpe:/a:redhat:enterprise_linux:ceph-mds, p-cpe:/a:redhat:enterprise_linux:ceph-resource-agents, p-cpe:/a:redhat:enterprise_linux:cephfs-top, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-dashboard, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:ceph-radosgw, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-rook, p-cpe:/a:redhat:enterprise_linux:librados2, p-cpe:/a:redhat:enterprise_linux:libcephfs2, p-cpe:/a:redhat:enterprise_linux:ceph, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-modules-core, p-cpe:/a:redhat:enterprise_linux:python3-rados, p-cpe:/a:redhat:enterprise_linux:rbd-nbd, p-cpe:/a:redhat:enterprise_linux:librbd1, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-cephadm, p-cpe:/a:redhat:enterprise_linux:ceph-base, p-cpe:/a:redhat:enterprise_linux:ceph-fuse, p-cpe:/a:redhat:enterprise_linux:rbd-mirror, p-cpe:/a:redhat:enterprise_linux:libcephsqlite, p-cpe:/a:redhat:enterprise_linux:ceph-immutable-object-cache, p-cpe:/a:redhat:enterprise_linux:python3-rbd, p-cpe:/a:redhat:enterprise_linux:ceph-selinux, p-cpe:/a:redhat:enterprise_linux:ceph-mon, p-cpe:/a:redhat:enterprise_linux:python3-rgw, p-cpe:/a:redhat:enterprise_linux:libcephfs-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/11/2023

Vulnerability Publication Date: 4/3/2022

Reference Information

CVE: CVE-2022-24785

CWE: 22

RHSA: 2023:0076