{"schema_version":"1.7.2","id":"OESA-2022-1715","modified":"2022-06-17T11:03:53Z","published":"2022-06-17T11:03:53Z","upstream":["CVE-2021-20288"],"summary":"ceph security update","details":"Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.\r\n\r\nSecurity Fix(es):\r\n\r\nAn authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20288)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"ceph","purl":"pkg:rpm/openEuler/ceph\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.2.8-22.oe1"}]}],"ecosystem_specific":{"aarch64":["librados-devel-12.2.8-22.oe1.aarch64.rpm","ceph-common-12.2.8-22.oe1.aarch64.rpm","ceph-radosgw-12.2.8-22.oe1.aarch64.rpm","libcephfs2-12.2.8-22.oe1.aarch64.rpm","librgw-devel-12.2.8-22.oe1.aarch64.rpm","ceph-selinux-12.2.8-22.oe1.aarch64.rpm","libradosstriper-devel-12.2.8-22.oe1.aarch64.rpm","rbd-mirror-12.2.8-22.oe1.aarch64.rpm","python-ceph-compat-12.2.8-22.oe1.aarch64.rpm","ceph-test-12.2.8-22.oe1.aarch64.rpm","ceph-mds-12.2.8-22.oe1.aarch64.rpm","python-rgw-12.2.8-22.oe1.aarch64.rpm","ceph-osd-12.2.8-22.oe1.aarch64.rpm","libradosstriper1-12.2.8-22.oe1.aarch64.rpm","python-cephfs-12.2.8-22.oe1.aarch64.rpm","rbd-nbd-12.2.8-22.oe1.aarch64.rpm","python3-rados-12.2.8-22.oe1.aarch64.rpm","libcephfs-devel-12.2.8-22.oe1.aarch64.rpm","python3-rgw-12.2.8-22.oe1.aarch64.rpm","librgw2-12.2.8-22.oe1.aarch64.rpm","python
3-rbd-12.2.8-22.oe1.aarch64.rpm","ceph-debuginfo-12.2.8-22.oe1.aarch64.rpm","librbd1-12.2.8-22.oe1.aarch64.rpm","librbd-devel-12.2.8-22.oe1.aarch64.rpm","ceph-mon-12.2.8-22.oe1.aarch64.rpm","python-rados-12.2.8-22.oe1.aarch64.rpm","librados2-12.2.8-22.oe1.aarch64.rpm","ceph-mgr-12.2.8-22.oe1.aarch64.rpm","python3-cephfs-12.2.8-22.oe1.aarch64.rpm","python3-ceph-argparse-12.2.8-22.oe1.aarch64.rpm","rbd-fuse-12.2.8-22.oe1.aarch64.rpm","ceph-debugsource-12.2.8-22.oe1.aarch64.rpm","python-rbd-12.2.8-22.oe1.aarch64.rpm","ceph-base-12.2.8-22.oe1.aarch64.rpm","ceph-fuse-12.2.8-22.oe1.aarch64.rpm","ceph-12.2.8-22.oe1.aarch64.rpm","ceph-resource-agents-12.2.8-22.oe1.aarch64.rpm","rados-objclass-devel-12.2.8-22.oe1.aarch64.rpm"],"src":["ceph-12.2.8-22.oe1.src.rpm"],"x86_64":["libcephfs2-12.2.8-22.oe1.x86_64.rpm","librgw-devel-12.2.8-22.oe1.x86_64.rpm","python3-cephfs-12.2.8-22.oe1.x86_64.rpm","python3-rgw-12.2.8-22.oe1.x86_64.rpm","python-cephfs-12.2.8-22.oe1.x86_64.rpm","python3-ceph-argparse-12.2.8-22.oe1.x86_64.rpm","rados-objclass-devel-12.2.8-22.oe1.x86_64.rpm","ceph-base-12.2.8-22.oe1.x86_64.rpm","ceph-osd-12.2.8-22.oe1.x86_64.rpm","ceph-radosgw-12.2.8-22.oe1.x86_64.rpm","librados2-12.2.8-22.oe1.x86_64.rpm","rbd-mirror-12.2.8-22.oe1.x86_64.rpm","python3-rbd-12.2.8-22.oe1.x86_64.rpm","ceph-12.2.8-22.oe1.x86_64.rpm","python-ceph-compat-12.2.8-22.oe1.x86_64.rpm","python-rados-12.2.8-22.oe1.x86_64.rpm","libradosstriper1-12.2.8-22.oe1.x86_64.rpm","libradosstriper-devel-12.2.8-22.oe1.x86_64.rpm","ceph-debuginfo-12.2.8-22.oe1.x86_64.rpm","python-rbd-12.2.8-22.oe1.x86_64.rpm","ceph-mds-12.2.8-22.oe1.x86_64.rpm","python-rgw-12.2.8-22.oe1.x86_64.rpm","librgw2-12.2.8-22.oe1.x86_64.rpm","ceph-fuse-12.2.8-22.oe1.x86_64.rpm","ceph-common-12.2.8-22.oe1.x86_64.rpm","librbd-devel-12.2.8-22.oe1.x86_64.rpm","rbd-fuse-12.2.8-22.oe1.x86_64.rpm","librbd1-12.2.8-22.oe1.x86_64.rpm","ceph-resource-agents-12.2.8-22.oe1.x86_64.rpm","ceph-debugsource-12.2.8-22.oe1.x86_64.rpm","ceph-mon-12.2.8-22.oe
1.x86_64.rpm","python3-rados-12.2.8-22.oe1.x86_64.rpm","rbd-nbd-12.2.8-22.oe1.x86_64.rpm","ceph-selinux-12.2.8-22.oe1.x86_64.rpm","ceph-mgr-12.2.8-22.oe1.x86_64.rpm","librados-devel-12.2.8-22.oe1.x86_64.rpm","libcephfs-devel-12.2.8-22.oe1.x86_64.rpm","ceph-test-12.2.8-22.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"ceph","purl":"pkg:rpm/openEuler/ceph\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.2.8-22.oe1"}]}],"ecosystem_specific":{"aarch64":["ceph-mds-12.2.8-22.oe1.aarch64.rpm","ceph-common-12.2.8-22.oe1.aarch64.rpm","ceph-radosgw-12.2.8-22.oe1.aarch64.rpm","librgw2-12.2.8-22.oe1.aarch64.rpm","ceph-mgr-12.2.8-22.oe1.aarch64.rpm","python-rados-12.2.8-22.oe1.aarch64.rpm","ceph-osd-12.2.8-22.oe1.aarch64.rpm","python-rbd-12.2.8-22.oe1.aarch64.rpm","ceph-selinux-12.2.8-22.oe1.aarch64.rpm","python3-rados-12.2.8-22.oe1.aarch64.rpm","librbd1-12.2.8-22.oe1.aarch64.rpm","librados2-12.2.8-22.oe1.aarch64.rpm","python3-ceph-argparse-12.2.8-22.oe1.aarch64.rpm","libradosstriper1-12.2.8-22.oe1.aarch64.rpm","librbd-devel-12.2.8-22.oe1.aarch64.rpm","librados-devel-12.2.8-22.oe1.aarch64.rpm","python-ceph-compat-12.2.8-22.oe1.aarch64.rpm","ceph-resource-agents-12.2.8-22.oe1.aarch64.rpm","ceph-debugsource-12.2.8-22.oe1.aarch64.rpm","ceph-debuginfo-12.2.8-22.oe1.aarch64.rpm","python-cephfs-12.2.8-22.oe1.aarch64.rpm","libcephfs-devel-12.2.8-22.oe1.aarch64.rpm","python3-cephfs-12.2.8-22.oe1.aarch64.rpm","libradosstriper-devel-12.2.8-22.oe1.aarch64.rpm","ceph-fuse-12.2.8-22.oe1.aarch64.rpm","rbd-nbd-12.2.8-22.oe1.aarch64.rpm","libcephfs2-12.2.8-22.oe1.aarch64.rpm","python3-rgw-12.2.8-22.oe1.aarch64.rpm","librgw-devel-12.2.8-22.oe1.aarch64.rpm","ceph-12.2.8-22.oe1.aarch64.rpm","rados-objclass-devel-12.2.8-22.oe1.aarch64.rpm","ceph-mon-12.2.8-22.oe1.aarch64.rpm","python-rgw-12.2.8-22.oe1.aarch64.rpm","ceph-test-12.2.8-22.oe1.aarch64.rpm","rbd-fuse-12.2.8-22.oe1.aarch64.rpm","python3-rbd-12.2.8-2
2.oe1.aarch64.rpm","rbd-mirror-12.2.8-22.oe1.aarch64.rpm","ceph-base-12.2.8-22.oe1.aarch64.rpm"],"src":["ceph-12.2.8-22.oe1.src.rpm"],"x86_64":["ceph-mgr-12.2.8-22.oe1.x86_64.rpm","python3-rbd-12.2.8-22.oe1.x86_64.rpm","libcephfs2-12.2.8-22.oe1.x86_64.rpm","ceph-mds-12.2.8-22.oe1.x86_64.rpm","python3-rados-12.2.8-22.oe1.x86_64.rpm","python3-cephfs-12.2.8-22.oe1.x86_64.rpm","ceph-radosgw-12.2.8-22.oe1.x86_64.rpm","ceph-osd-12.2.8-22.oe1.x86_64.rpm","python3-rgw-12.2.8-22.oe1.x86_64.rpm","python-cephfs-12.2.8-22.oe1.x86_64.rpm","ceph-test-12.2.8-22.oe1.x86_64.rpm","ceph-base-12.2.8-22.oe1.x86_64.rpm","libradosstriper-devel-12.2.8-22.oe1.x86_64.rpm","libradosstriper1-12.2.8-22.oe1.x86_64.rpm","rbd-fuse-12.2.8-22.oe1.x86_64.rpm","ceph-common-12.2.8-22.oe1.x86_64.rpm","ceph-debugsource-12.2.8-22.oe1.x86_64.rpm","librbd1-12.2.8-22.oe1.x86_64.rpm","librados2-12.2.8-22.oe1.x86_64.rpm","python-rbd-12.2.8-22.oe1.x86_64.rpm","python-ceph-compat-12.2.8-22.oe1.x86_64.rpm","ceph-fuse-12.2.8-22.oe1.x86_64.rpm","libcephfs-devel-12.2.8-22.oe1.x86_64.rpm","python-rgw-12.2.8-22.oe1.x86_64.rpm","python3-ceph-argparse-12.2.8-22.oe1.x86_64.rpm","ceph-mon-12.2.8-22.oe1.x86_64.rpm","rbd-mirror-12.2.8-22.oe1.x86_64.rpm","ceph-resource-agents-12.2.8-22.oe1.x86_64.rpm","rbd-nbd-12.2.8-22.oe1.x86_64.rpm","ceph-12.2.8-22.oe1.x86_64.rpm","librbd-devel-12.2.8-22.oe1.x86_64.rpm","librgw2-12.2.8-22.oe1.x86_64.rpm","python-rados-12.2.8-22.oe1.x86_64.rpm","ceph-selinux-12.2.8-22.oe1.x86_64.rpm","ceph-debuginfo-12.2.8-22.oe1.x86_64.rpm","librados-devel-12.2.8-22.oe1.x86_64.rpm","librgw-devel-12.2.8-22.oe1.x86_64.rpm","rados-objclass-devel-12.2.8-22.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1715"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20288"}],"database_specific":{"severity":"High"}}