RHEL 8 / 9 : Red Hat Ceph Storage 7.1 (RHSA-2024:3925)

critical Nessus Plugin ID 200554

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3925 advisory.

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

These new packages include numerous enhancements, bug fixes, and known issues. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/7.1/html/release_notes/index

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/updates/classification/#critical

https://access.redhat.com/security/cve/CVE-2023-3128

https://access.redhat.com/security/cve/CVE-2023-49568

https://access.redhat.com/security/cve/CVE-2023-49569

https://access.redhat.com/security/cve/CVE-2023-4822

https://bugzilla.redhat.com/show_bug.cgi?id=1871333

https://bugzilla.redhat.com/show_bug.cgi?id=1954461

https://bugzilla.redhat.com/show_bug.cgi?id=1954463

https://bugzilla.redhat.com/show_bug.cgi?id=1995152

https://bugzilla.redhat.com/show_bug.cgi?id=2009599

https://bugzilla.redhat.com/show_bug.cgi?id=2029585

https://bugzilla.redhat.com/show_bug.cgi?id=2061627

https://bugzilla.redhat.com/show_bug.cgi?id=2068026

https://bugzilla.redhat.com/show_bug.cgi?id=2068030

https://bugzilla.redhat.com/show_bug.cgi?id=2079815

https://bugzilla.redhat.com/show_bug.cgi?id=2079897

https://bugzilla.redhat.com/show_bug.cgi?id=2089167

https://bugzilla.redhat.com/show_bug.cgi?id=2107014

https://bugzilla.redhat.com/show_bug.cgi?id=2112325

https://bugzilla.redhat.com/show_bug.cgi?id=2125107

https://bugzilla.redhat.com/show_bug.cgi?id=2130292

https://bugzilla.redhat.com/show_bug.cgi?id=2134786

https://bugzilla.redhat.com/show_bug.cgi?id=2136766

https://bugzilla.redhat.com/show_bug.cgi?id=2144472

https://bugzilla.redhat.com/show_bug.cgi?id=2148831

https://bugzilla.redhat.com/show_bug.cgi?id=2149450

https://bugzilla.redhat.com/show_bug.cgi?id=2153468

https://bugzilla.redhat.com/show_bug.cgi?id=2166576

https://bugzilla.redhat.com/show_bug.cgi?id=2172162

https://bugzilla.redhat.com/show_bug.cgi?id=2176297

https://bugzilla.redhat.com/show_bug.cgi?id=2185792

https://bugzilla.redhat.com/show_bug.cgi?id=2190366

https://bugzilla.redhat.com/show_bug.cgi?id=2207713

https://bugzilla.redhat.com/show_bug.cgi?id=2213626

https://bugzilla.redhat.com/show_bug.cgi?id=2213766

https://bugzilla.redhat.com/show_bug.cgi?id=2217499

https://bugzilla.redhat.com/show_bug.cgi?id=2227309

https://bugzilla.redhat.com/show_bug.cgi?id=2227314

https://bugzilla.redhat.com/show_bug.cgi?id=2233659

https://bugzilla.redhat.com/show_bug.cgi?id=2235753

https://bugzilla.redhat.com/show_bug.cgi?id=2237038

https://bugzilla.redhat.com/show_bug.cgi?id=2237574

https://bugzilla.redhat.com/show_bug.cgi?id=2238301

https://bugzilla.redhat.com/show_bug.cgi?id=2238537

https://bugzilla.redhat.com/show_bug.cgi?id=2238926

https://bugzilla.redhat.com/show_bug.cgi?id=2239726

https://bugzilla.redhat.com/show_bug.cgi?id=2240138

https://bugzilla.redhat.com/show_bug.cgi?id=2240583

https://bugzilla.redhat.com/show_bug.cgi?id=2241030

https://bugzilla.redhat.com/show_bug.cgi?id=2241056

https://bugzilla.redhat.com/show_bug.cgi?id=2241104

https://bugzilla.redhat.com/show_bug.cgi?id=2241165

https://bugzilla.redhat.com/show_bug.cgi?id=2242431

https://bugzilla.redhat.com/show_bug.cgi?id=2243105

https://bugzilla.redhat.com/show_bug.cgi?id=2243626

https://bugzilla.redhat.com/show_bug.cgi?id=2244417

https://bugzilla.redhat.com/show_bug.cgi?id=2245261

https://bugzilla.redhat.com/show_bug.cgi?id=2247074

https://bugzilla.redhat.com/show_bug.cgi?id=2247140

https://bugzilla.redhat.com/show_bug.cgi?id=2247183

https://bugzilla.redhat.com/show_bug.cgi?id=2247531

https://bugzilla.redhat.com/show_bug.cgi?id=2247586

https://bugzilla.redhat.com/show_bug.cgi?id=2247718

https://bugzilla.redhat.com/show_bug.cgi?id=2248639

https://bugzilla.redhat.com/show_bug.cgi?id=2248855

https://bugzilla.redhat.com/show_bug.cgi?id=2249003

https://bugzilla.redhat.com/show_bug.cgi?id=2249068

https://bugzilla.redhat.com/show_bug.cgi?id=2249518

https://bugzilla.redhat.com/show_bug.cgi?id=2249573

https://bugzilla.redhat.com/show_bug.cgi?id=2249651

https://bugzilla.redhat.com/show_bug.cgi?id=2249744

https://bugzilla.redhat.com/show_bug.cgi?id=2249812

https://bugzilla.redhat.com/show_bug.cgi?id=2251004

https://bugzilla.redhat.com/show_bug.cgi?id=2251192

https://bugzilla.redhat.com/show_bug.cgi?id=2252048

https://bugzilla.redhat.com/show_bug.cgi?id=2252396

https://bugzilla.redhat.com/show_bug.cgi?id=2253313

https://bugzilla.redhat.com/show_bug.cgi?id=2254121

https://bugzilla.redhat.com/show_bug.cgi?id=2254122

https://bugzilla.redhat.com/show_bug.cgi?id=2254125

https://bugzilla.redhat.com/show_bug.cgi?id=2254480

https://bugzilla.redhat.com/show_bug.cgi?id=2254582

https://bugzilla.redhat.com/show_bug.cgi?id=2255030

https://bugzilla.redhat.com/show_bug.cgi?id=2255255

https://bugzilla.redhat.com/show_bug.cgi?id=2255938

https://bugzilla.redhat.com/show_bug.cgi?id=2256560

https://bugzilla.redhat.com/show_bug.cgi?id=2256967

https://bugzilla.redhat.com/show_bug.cgi?id=2257978

https://bugzilla.redhat.com/show_bug.cgi?id=2258143

https://bugzilla.redhat.com/show_bug.cgi?id=2258165

https://bugzilla.redhat.com/show_bug.cgi?id=2258542

https://bugzilla.redhat.com/show_bug.cgi?id=2258879

https://bugzilla.redhat.com/show_bug.cgi?id=2258940

https://bugzilla.redhat.com/show_bug.cgi?id=2258951

https://bugzilla.redhat.com/show_bug.cgi?id=2258997

https://bugzilla.redhat.com/show_bug.cgi?id=2259179

https://bugzilla.redhat.com/show_bug.cgi?id=2259461

https://bugzilla.redhat.com/show_bug.cgi?id=2259938

https://bugzilla.redhat.com/show_bug.cgi?id=2260003

https://bugzilla.redhat.com/show_bug.cgi?id=2260835

https://bugzilla.redhat.com/show_bug.cgi?id=2261239

https://bugzilla.redhat.com/show_bug.cgi?id=2262094

https://bugzilla.redhat.com/show_bug.cgi?id=2262400

https://bugzilla.redhat.com/show_bug.cgi?id=2262469

https://bugzilla.redhat.com/show_bug.cgi?id=2262650

https://bugzilla.redhat.com/show_bug.cgi?id=2262741

https://bugzilla.redhat.com/show_bug.cgi?id=2262919

https://bugzilla.redhat.com/show_bug.cgi?id=2262984

https://bugzilla.redhat.com/show_bug.cgi?id=2263813

https://bugzilla.redhat.com/show_bug.cgi?id=2263898

https://bugzilla.redhat.com/show_bug.cgi?id=2263990

https://bugzilla.redhat.com/show_bug.cgi?id=2264141

https://bugzilla.redhat.com/show_bug.cgi?id=2264142

https://bugzilla.redhat.com/show_bug.cgi?id=2264145

https://bugzilla.redhat.com/show_bug.cgi?id=2264158

https://bugzilla.redhat.com/show_bug.cgi?id=2264168

https://bugzilla.redhat.com/show_bug.cgi?id=2264177

https://bugzilla.redhat.com/show_bug.cgi?id=2264212

https://bugzilla.redhat.com/show_bug.cgi?id=2264213

https://bugzilla.redhat.com/show_bug.cgi?id=2264222

https://bugzilla.redhat.com/show_bug.cgi?id=2264348

https://bugzilla.redhat.com/show_bug.cgi?id=2264812

https://bugzilla.redhat.com/show_bug.cgi?id=2264836

https://bugzilla.redhat.com/show_bug.cgi?id=2265059

https://bugzilla.redhat.com/show_bug.cgi?id=2265148

https://bugzilla.redhat.com/show_bug.cgi?id=2265262

https://bugzilla.redhat.com/show_bug.cgi?id=2265322

https://bugzilla.redhat.com/show_bug.cgi?id=2265415

https://bugzilla.redhat.com/show_bug.cgi?id=2265558

https://bugzilla.redhat.com/show_bug.cgi?id=2265574

https://bugzilla.redhat.com/show_bug.cgi?id=2265890

https://bugzilla.redhat.com/show_bug.cgi?id=2265994

https://bugzilla.redhat.com/show_bug.cgi?id=2266020

https://bugzilla.redhat.com/show_bug.cgi?id=2266092

https://bugzilla.redhat.com/show_bug.cgi?id=2266223

https://bugzilla.redhat.com/show_bug.cgi?id=2266227

https://bugzilla.redhat.com/show_bug.cgi?id=2266248

https://bugzilla.redhat.com/show_bug.cgi?id=2266256

https://bugzilla.redhat.com/show_bug.cgi?id=2266411

https://bugzilla.redhat.com/show_bug.cgi?id=2266529

https://bugzilla.redhat.com/show_bug.cgi?id=2266530

https://bugzilla.redhat.com/show_bug.cgi?id=2266579

https://bugzilla.redhat.com/show_bug.cgi?id=2267040

https://bugzilla.redhat.com/show_bug.cgi?id=2267624

https://bugzilla.redhat.com/show_bug.cgi?id=2267625

https://bugzilla.redhat.com/show_bug.cgi?id=2267715

https://bugzilla.redhat.com/show_bug.cgi?id=2267763

https://bugzilla.redhat.com/show_bug.cgi?id=2267814

https://bugzilla.redhat.com/show_bug.cgi?id=2267957

https://bugzilla.redhat.com/show_bug.cgi?id=2268036

https://bugzilla.redhat.com/show_bug.cgi?id=2268039

https://bugzilla.redhat.com/show_bug.cgi?id=2268040

https://bugzilla.redhat.com/show_bug.cgi?id=2268059

https://bugzilla.redhat.com/show_bug.cgi?id=2268414

https://bugzilla.redhat.com/show_bug.cgi?id=2268560

https://bugzilla.redhat.com/show_bug.cgi?id=2268567

https://bugzilla.redhat.com/show_bug.cgi?id=2268996

https://bugzilla.redhat.com/show_bug.cgi?id=2269038

https://bugzilla.redhat.com/show_bug.cgi?id=2269321

https://bugzilla.redhat.com/show_bug.cgi?id=2269337

https://bugzilla.redhat.com/show_bug.cgi?id=2269347

https://bugzilla.redhat.com/show_bug.cgi?id=2269374

https://bugzilla.redhat.com/show_bug.cgi?id=2269381

https://bugzilla.redhat.com/show_bug.cgi?id=2269526

https://bugzilla.redhat.com/show_bug.cgi?id=2269662

https://bugzilla.redhat.com/show_bug.cgi?id=2269664

https://bugzilla.redhat.com/show_bug.cgi?id=2269687

https://bugzilla.redhat.com/show_bug.cgi?id=2270211

https://bugzilla.redhat.com/show_bug.cgi?id=2270237

https://bugzilla.redhat.com/show_bug.cgi?id=2270245

https://bugzilla.redhat.com/show_bug.cgi?id=2270334

https://bugzilla.redhat.com/show_bug.cgi?id=2270402

https://bugzilla.redhat.com/show_bug.cgi?id=2270442

https://bugzilla.redhat.com/show_bug.cgi?id=2270625

https://bugzilla.redhat.com/show_bug.cgi?id=2270645

https://bugzilla.redhat.com/show_bug.cgi?id=2270656

https://bugzilla.redhat.com/show_bug.cgi?id=2270785

https://bugzilla.redhat.com/show_bug.cgi?id=2271096

https://bugzilla.redhat.com/show_bug.cgi?id=2271110

https://bugzilla.redhat.com/show_bug.cgi?id=2271135

https://bugzilla.redhat.com/show_bug.cgi?id=2271399

https://bugzilla.redhat.com/show_bug.cgi?id=2271806

https://bugzilla.redhat.com/show_bug.cgi?id=2271835

https://bugzilla.redhat.com/show_bug.cgi?id=2271938

https://bugzilla.redhat.com/show_bug.cgi?id=2272031

https://bugzilla.redhat.com/show_bug.cgi?id=2272038

https://bugzilla.redhat.com/show_bug.cgi?id=2272157

https://bugzilla.redhat.com/show_bug.cgi?id=2272437

https://bugzilla.redhat.com/show_bug.cgi?id=2272468

https://bugzilla.redhat.com/show_bug.cgi?id=2272621

https://bugzilla.redhat.com/show_bug.cgi?id=2272622

https://bugzilla.redhat.com/show_bug.cgi?id=2272632

https://bugzilla.redhat.com/show_bug.cgi?id=2272647

https://bugzilla.redhat.com/show_bug.cgi?id=2272661

https://bugzilla.redhat.com/show_bug.cgi?id=2272662

https://bugzilla.redhat.com/show_bug.cgi?id=2272979

https://bugzilla.redhat.com/show_bug.cgi?id=2273000

https://bugzilla.redhat.com/show_bug.cgi?id=2273608

https://bugzilla.redhat.com/show_bug.cgi?id=2273693

https://bugzilla.redhat.com/show_bug.cgi?id=2273836

https://bugzilla.redhat.com/show_bug.cgi?id=2273837

https://bugzilla.redhat.com/show_bug.cgi?id=2273927

https://bugzilla.redhat.com/show_bug.cgi?id=2273935

https://bugzilla.redhat.com/show_bug.cgi?id=2273936

https://bugzilla.redhat.com/show_bug.cgi?id=2273938

https://bugzilla.redhat.com/show_bug.cgi?id=2274305

https://bugzilla.redhat.com/show_bug.cgi?id=2274703

https://bugzilla.redhat.com/show_bug.cgi?id=2274704

https://bugzilla.redhat.com/show_bug.cgi?id=2275103

https://bugzilla.redhat.com/show_bug.cgi?id=2275323

https://bugzilla.redhat.com/show_bug.cgi?id=2275459

https://bugzilla.redhat.com/show_bug.cgi?id=2275463

https://bugzilla.redhat.com/show_bug.cgi?id=2275506

https://bugzilla.redhat.com/show_bug.cgi?id=2275861

https://bugzilla.redhat.com/show_bug.cgi?id=2276031

https://bugzilla.redhat.com/show_bug.cgi?id=2276034

https://bugzilla.redhat.com/show_bug.cgi?id=2276038

https://bugzilla.redhat.com/show_bug.cgi?id=2276340

https://bugzilla.redhat.com/show_bug.cgi?id=2276361

https://bugzilla.redhat.com/show_bug.cgi?id=2276379

https://bugzilla.redhat.com/show_bug.cgi?id=2276498

https://bugzilla.redhat.com/show_bug.cgi?id=2276636

https://bugzilla.redhat.com/show_bug.cgi?id=2276900

https://bugzilla.redhat.com/show_bug.cgi?id=2276989

https://bugzilla.redhat.com/show_bug.cgi?id=2277099

https://bugzilla.redhat.com/show_bug.cgi?id=2277143

https://bugzilla.redhat.com/show_bug.cgi?id=2277692

https://bugzilla.redhat.com/show_bug.cgi?id=2277699

https://bugzilla.redhat.com/show_bug.cgi?id=2277830

https://bugzilla.redhat.com/show_bug.cgi?id=2277944

https://bugzilla.redhat.com/show_bug.cgi?id=2277945

https://bugzilla.redhat.com/show_bug.cgi?id=2277947

https://bugzilla.redhat.com/show_bug.cgi?id=2278166

https://bugzilla.redhat.com/show_bug.cgi?id=2278326

https://bugzilla.redhat.com/show_bug.cgi?id=2278778

https://bugzilla.redhat.com/show_bug.cgi?id=2279339

https://bugzilla.redhat.com/show_bug.cgi?id=2279352

https://bugzilla.redhat.com/show_bug.cgi?id=2279461

https://bugzilla.redhat.com/show_bug.cgi?id=2279530

https://bugzilla.redhat.com/show_bug.cgi?id=2279607

https://bugzilla.redhat.com/show_bug.cgi?id=2279862

https://bugzilla.redhat.com/show_bug.cgi?id=2280205

https://bugzilla.redhat.com/show_bug.cgi?id=2280332

https://bugzilla.redhat.com/show_bug.cgi?id=2280742

https://bugzilla.redhat.com/show_bug.cgi?id=2280954

https://bugzilla.redhat.com/show_bug.cgi?id=2281465

https://bugzilla.redhat.com/show_bug.cgi?id=2281471

https://bugzilla.redhat.com/show_bug.cgi?id=2282364

https://bugzilla.redhat.com/show_bug.cgi?id=2282533

https://bugzilla.redhat.com/show_bug.cgi?id=2283630

http://www.nessus.org/u?eda09809

https://access.redhat.com/errata/RHSA-2024:3925

Plugin Details

Severity: Critical

ID: 200554

File Name: redhat-RHSA-2024-3925.nasl

Version: 1.2

Type: local

Agent: unix

Published: 6/14/2024

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-49569

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ceph-mib, p-cpe:/a:redhat:enterprise_linux:python3-ceph-argparse, p-cpe:/a:redhat:enterprise_linux:cephadm-ansible, p-cpe:/a:redhat:enterprise_linux:librgw2, p-cpe:/a:redhat:enterprise_linux:libradospp-devel, p-cpe:/a:redhat:enterprise_linux:python3-ceph-common, p-cpe:/a:redhat:enterprise_linux:libradosstriper1, p-cpe:/a:redhat:enterprise_linux:librgw-devel, p-cpe:/a:redhat:enterprise_linux:cephadm, p-cpe:/a:redhat:enterprise_linux:librados-devel, p-cpe:/a:redhat:enterprise_linux:librbd-devel, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:liboath, p-cpe:/a:redhat:enterprise_linux:python3-cephfs, p-cpe:/a:redhat:enterprise_linux:gperftools-libs, p-cpe:/a:redhat:enterprise_linux:libunwind, p-cpe:/a:redhat:enterprise_linux:ceph-common, p-cpe:/a:redhat:enterprise_linux:ceph-resource-agents, p-cpe:/a:redhat:enterprise_linux:cephfs-top, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:gperftools, p-cpe:/a:redhat:enterprise_linux:librados2, p-cpe:/a:redhat:enterprise_linux:libcephfs2, p-cpe:/a:redhat:enterprise_linux:ceph, p-cpe:/a:redhat:enterprise_linux:python3-rados, p-cpe:/a:redhat:enterprise_linux:rbd-nbd, p-cpe:/a:redhat:enterprise_linux:librbd1, p-cpe:/a:redhat:enterprise_linux:ceph-base, p-cpe:/a:redhat:enterprise_linux:ceph-fuse, p-cpe:/a:redhat:enterprise_linux:ceph-immutable-object-cache, p-cpe:/a:redhat:enterprise_linux:python3-rbd, p-cpe:/a:redhat:enterprise_linux:ceph-selinux, p-cpe:/a:redhat:enterprise_linux:python3-rgw, p-cpe:/a:redhat:enterprise_linux:thrift, p-cpe:/a:redhat:enterprise_linux:libcephfs-devel, p-cpe:/a:redhat:enterprise_linux:oath-toolkit

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 6/14/2024

Vulnerability Publication Date: 6/22/2023

Reference Information

CVE: CVE-2023-3128, CVE-2023-4822, CVE-2023-49568, CVE-2023-49569

CWE: 22, 305, 400

RHSA: 2024:3925