RHEL 9 : Red Hat Ceph Storage 6.1 (RHSA-2023:3623)

medium Nessus Plugin ID 177348

Synopsis

The remote Red Hat host is missing one or more security updates for Red Hat Ceph Storage 6.1.

Description

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3623 advisory.

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

These new packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index

Security Fix(es):

* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

* angular: XSS vulnerability (CVE-2021-4231)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All users of Red Hat Ceph Storage are advised to update to these packages that provide numerous enhancements and bug fixes.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL Red Hat Ceph Storage 6.1 package based on the guidance in RHSA-2023:3623.

See Also

http://www.nessus.org/u?15054117

http://www.nessus.org/u?f446c896

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1467648

https://bugzilla.redhat.com/show_bug.cgi?id=1600995

https://bugzilla.redhat.com/show_bug.cgi?id=1783271

https://bugzilla.redhat.com/show_bug.cgi?id=1794550

https://bugzilla.redhat.com/show_bug.cgi?id=1929760

https://bugzilla.redhat.com/show_bug.cgi?id=1932764

https://bugzilla.redhat.com/show_bug.cgi?id=1937618

https://bugzilla.redhat.com/show_bug.cgi?id=1975689

https://bugzilla.redhat.com/show_bug.cgi?id=1991808

https://bugzilla.redhat.com/show_bug.cgi?id=2004175

https://bugzilla.redhat.com/show_bug.cgi?id=2016288

https://bugzilla.redhat.com/show_bug.cgi?id=2016949

https://bugzilla.redhat.com/show_bug.cgi?id=2024444

https://bugzilla.redhat.com/show_bug.cgi?id=2025815

https://bugzilla.redhat.com/show_bug.cgi?id=2028058

https://bugzilla.redhat.com/show_bug.cgi?id=2029714

https://bugzilla.redhat.com/show_bug.cgi?id=2036063

https://bugzilla.redhat.com/show_bug.cgi?id=2053347

https://bugzilla.redhat.com/show_bug.cgi?id=2053471

https://bugzilla.redhat.com/show_bug.cgi?id=2064260

https://bugzilla.redhat.com/show_bug.cgi?id=2064265

https://bugzilla.redhat.com/show_bug.cgi?id=2067709

https://bugzilla.redhat.com/show_bug.cgi?id=2076709

https://bugzilla.redhat.com/show_bug.cgi?id=2080926

https://bugzilla.redhat.com/show_bug.cgi?id=2082666

https://bugzilla.redhat.com/show_bug.cgi?id=2092506

https://bugzilla.redhat.com/show_bug.cgi?id=2094052

https://bugzilla.redhat.com/show_bug.cgi?id=2097027

https://bugzilla.redhat.com/show_bug.cgi?id=2097187

https://bugzilla.redhat.com/show_bug.cgi?id=2105075

https://bugzilla.redhat.com/show_bug.cgi?id=2105950

https://bugzilla.redhat.com/show_bug.cgi?id=2106421

https://bugzilla.redhat.com/show_bug.cgi?id=2108228

https://bugzilla.redhat.com/show_bug.cgi?id=2108489

https://bugzilla.redhat.com/show_bug.cgi?id=2109224

https://bugzilla.redhat.com/show_bug.cgi?id=2110290

https://bugzilla.redhat.com/show_bug.cgi?id=2111282

https://bugzilla.redhat.com/show_bug.cgi?id=2111364

https://bugzilla.redhat.com/show_bug.cgi?id=2111680

https://bugzilla.redhat.com/show_bug.cgi?id=2111751

https://bugzilla.redhat.com/show_bug.cgi?id=2112309

https://bugzilla.redhat.com/show_bug.cgi?id=2114835

https://bugzilla.redhat.com/show_bug.cgi?id=2120624

https://bugzilla.redhat.com/show_bug.cgi?id=2124441

https://bugzilla.redhat.com/show_bug.cgi?id=2127345

https://bugzilla.redhat.com/show_bug.cgi?id=2127926

https://bugzilla.redhat.com/show_bug.cgi?id=2129861

https://bugzilla.redhat.com/show_bug.cgi?id=2132554

https://bugzilla.redhat.com/show_bug.cgi?id=2133341

https://bugzilla.redhat.com/show_bug.cgi?id=2133549

https://bugzilla.redhat.com/show_bug.cgi?id=2133802

https://bugzilla.redhat.com/show_bug.cgi?id=2136031

https://bugzilla.redhat.com/show_bug.cgi?id=2136304

https://bugzilla.redhat.com/show_bug.cgi?id=2136336

https://bugzilla.redhat.com/show_bug.cgi?id=2137596

https://bugzilla.redhat.com/show_bug.cgi?id=2138793

https://bugzilla.redhat.com/show_bug.cgi?id=2138794

https://bugzilla.redhat.com/show_bug.cgi?id=2138933

https://bugzilla.redhat.com/show_bug.cgi?id=2139694

https://bugzilla.redhat.com/show_bug.cgi?id=2139769

https://bugzilla.redhat.com/show_bug.cgi?id=2140074

https://bugzilla.redhat.com/show_bug.cgi?id=2140784

https://bugzilla.redhat.com/show_bug.cgi?id=2141110

https://bugzilla.redhat.com/show_bug.cgi?id=2142167

https://bugzilla.redhat.com/show_bug.cgi?id=2142431

https://bugzilla.redhat.com/show_bug.cgi?id=2143285

https://bugzilla.redhat.com/show_bug.cgi?id=2145104

https://bugzilla.redhat.com/show_bug.cgi?id=2146544

https://bugzilla.redhat.com/show_bug.cgi?id=2146546

https://bugzilla.redhat.com/show_bug.cgi?id=2147346

https://bugzilla.redhat.com/show_bug.cgi?id=2147348

https://bugzilla.redhat.com/show_bug.cgi?id=2149259

https://bugzilla.redhat.com/show_bug.cgi?id=2149415

https://bugzilla.redhat.com/show_bug.cgi?id=2149533

https://bugzilla.redhat.com/show_bug.cgi?id=2151189

https://bugzilla.redhat.com/show_bug.cgi?id=2152963

https://bugzilla.redhat.com/show_bug.cgi?id=2153196

https://bugzilla.redhat.com/show_bug.cgi?id=2153452

https://bugzilla.redhat.com/show_bug.cgi?id=2153533

https://bugzilla.redhat.com/show_bug.cgi?id=2153673

https://bugzilla.redhat.com/show_bug.cgi?id=2153726

https://bugzilla.redhat.com/show_bug.cgi?id=2158689

https://bugzilla.redhat.com/show_bug.cgi?id=2159294

https://bugzilla.redhat.com/show_bug.cgi?id=2159307

https://bugzilla.redhat.com/show_bug.cgi?id=2160598

https://bugzilla.redhat.com/show_bug.cgi?id=2161479

https://bugzilla.redhat.com/show_bug.cgi?id=2161483

https://bugzilla.redhat.com/show_bug.cgi?id=2163473

https://bugzilla.redhat.com/show_bug.cgi?id=2164327

https://bugzilla.redhat.com/show_bug.cgi?id=2168541

https://bugzilla.redhat.com/show_bug.cgi?id=2172791

https://bugzilla.redhat.com/show_bug.cgi?id=2175307

https://bugzilla.redhat.com/show_bug.cgi?id=2180110

https://bugzilla.redhat.com/show_bug.cgi?id=2180567

https://bugzilla.redhat.com/show_bug.cgi?id=2181055

https://bugzilla.redhat.com/show_bug.cgi?id=2182022

https://bugzilla.redhat.com/show_bug.cgi?id=2182035

https://bugzilla.redhat.com/show_bug.cgi?id=2182564

https://bugzilla.redhat.com/show_bug.cgi?id=2182613

https://bugzilla.redhat.com/show_bug.cgi?id=2184268

https://bugzilla.redhat.com/show_bug.cgi?id=2185588

https://bugzilla.redhat.com/show_bug.cgi?id=2185772

https://bugzilla.redhat.com/show_bug.cgi?id=2186095

https://bugzilla.redhat.com/show_bug.cgi?id=2186126

https://bugzilla.redhat.com/show_bug.cgi?id=2186472

https://bugzilla.redhat.com/show_bug.cgi?id=2186557

https://bugzilla.redhat.com/show_bug.cgi?id=2186738

https://bugzilla.redhat.com/show_bug.cgi?id=2186760

https://bugzilla.redhat.com/show_bug.cgi?id=2186774

https://bugzilla.redhat.com/show_bug.cgi?id=2187265

https://bugzilla.redhat.com/show_bug.cgi?id=2187394

https://bugzilla.redhat.com/show_bug.cgi?id=2187617

https://bugzilla.redhat.com/show_bug.cgi?id=2187659

https://bugzilla.redhat.com/show_bug.cgi?id=2188266

https://bugzilla.redhat.com/show_bug.cgi?id=2188460

https://bugzilla.redhat.com/show_bug.cgi?id=2189308

https://bugzilla.redhat.com/show_bug.cgi?id=2190412

https://bugzilla.redhat.com/show_bug.cgi?id=2196421

https://bugzilla.redhat.com/show_bug.cgi?id=2196920

https://bugzilla.redhat.com/show_bug.cgi?id=2203098

https://bugzilla.redhat.com/show_bug.cgi?id=2203160

https://bugzilla.redhat.com/show_bug.cgi?id=2203747

https://bugzilla.redhat.com/show_bug.cgi?id=2204479

https://bugzilla.redhat.com/show_bug.cgi?id=2207702

https://bugzilla.redhat.com/show_bug.cgi?id=2207718

https://bugzilla.redhat.com/show_bug.cgi?id=2209109

https://bugzilla.redhat.com/show_bug.cgi?id=2209300

https://bugzilla.redhat.com/show_bug.cgi?id=2209375

https://bugzilla.redhat.com/show_bug.cgi?id=2209970

https://bugzilla.redhat.com/show_bug.cgi?id=2210698

https://access.redhat.com/errata/RHSA-2023:3623

Plugin Details

Severity: Medium

ID: 177348

File Name: redhat-RHSA-2023-3623.nasl

Version: 1.3

Type: local

Agent: unix

Published: 6/15/2023

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2021-4231

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ceph-mib, p-cpe:/a:redhat:enterprise_linux:python3-ceph-argparse, p-cpe:/a:redhat:enterprise_linux:librgw2, p-cpe:/a:redhat:enterprise_linux:libradospp-devel, p-cpe:/a:redhat:enterprise_linux:python3-ceph-common, p-cpe:/a:redhat:enterprise_linux:libradosstriper1, p-cpe:/a:redhat:enterprise_linux:librgw-devel, p-cpe:/a:redhat:enterprise_linux:cephadm, p-cpe:/a:redhat:enterprise_linux:librados-devel, p-cpe:/a:redhat:enterprise_linux:librbd-devel, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:python3-cephfs, p-cpe:/a:redhat:enterprise_linux:ceph-common, p-cpe:/a:redhat:enterprise_linux:ceph-resource-agents, p-cpe:/a:redhat:enterprise_linux:cephfs-top, p-cpe:/a:redhat:enterprise_linux:librados2, p-cpe:/a:redhat:enterprise_linux:libcephfs2, p-cpe:/a:redhat:enterprise_linux:ceph, p-cpe:/a:redhat:enterprise_linux:python3-rados, p-cpe:/a:redhat:enterprise_linux:rbd-nbd, p-cpe:/a:redhat:enterprise_linux:librbd1, p-cpe:/a:redhat:enterprise_linux:ceph-base, p-cpe:/a:redhat:enterprise_linux:ceph-fuse, p-cpe:/a:redhat:enterprise_linux:ceph-immutable-object-cache, p-cpe:/a:redhat:enterprise_linux:python3-rbd, p-cpe:/a:redhat:enterprise_linux:ceph-selinux, p-cpe:/a:redhat:enterprise_linux:python3-rgw, p-cpe:/a:redhat:enterprise_linux:libcephfs-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/15/2023

Vulnerability Publication Date: 5/26/2022

Reference Information

CVE: CVE-2021-4231, CVE-2022-31129

CWE: 400, 79

RHSA: 2023:3623