openSUSE-SU-2019:1284

RHSA-2019:2538

RHSA-2019:2541

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662

https://ceph.com/releases/13-2-4-mimic-released

[debian-lts-announce] 20190301 [SECURITY] [DLA 1696-1] ceph security update

USN-4035-1

An update of the ceph package has been released.

According to the version of the ceph packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - It was found Ceph versions before 13.2.4 that     authenticated ceph users with read only permissions     could steal dm-crypt encryption keys used in ceph disk     encryption.(CVE-2018-14662)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update is now available for Red Hat Ceph Storage 3.3 on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

Security Fix(es) :

* ceph: ListBucket max-keys has no defined limit in the RGW codebase (CVE-2018-16846)

* ceph: debug logging for v4 auth does not sanitize encryption keys (CVE-2018-16889)

* ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key (CVE-2018-14662)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) and Enhancement(s) :

For detailed information on changes in this release, see the Red Hat Ceph Storage 3.3 Release Notes available at :

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3.3 /html/ release_notes/index

It was discovered that Ceph incorrectly handled read only permissions.
An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 16.04 LTS.
(CVE-2018-14662)

It was discovered that Ceph incorrectly handled certain OMAPs holding bucket indices. An authenticated attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16846)

It was discovered that Ceph incorrectly sanitized certain debug logs.
A local attacker could possibly use this issue to obtain encryption key information. This issue was only addressed in Ubuntu 18.10 and Ubuntu 19.04. (CVE-2018-16889)

It was discovered that Ceph incorrectly handled certain civetweb requests. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-3821).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ceph version 13.2.4 fixes the following issues :

Security issues fixed :

  - CVE-2018-14662: Fixed an issue with LUKS 'config-key'     safety (bsc#1111177)

  - CVE-2018-10861: Fixed an authorization bypass on OSD     pool ops in ceph-mon (bsc#1099162)

  - CVE-2018-1128: Fixed signature check bypass in cephx     (bsc#1096748)

  - CVE-2018-1129: Fixed replay attack in cephx protocol     (bsc#1096748)

  - CVE-2018-16846: Enforced bounds on     max-keys/max-uploads/max-parts in rgw (bsc#1114710)

Non-security issues fixed :

  - ceph-volume Python 3 fixes (bsc#1114567)

  - Fixed python3 module loading (bsc#1086613)

  - Fixed an issue where ceph build fails (bsc#1084645)

  - ceph's SPDK builds with march=native (bsc#1101262)

This update was imported from the SUSE:SLE-15:Update update project.

This update for ceph version 13.2.4 fixes the following issues :

Security issues fixed :

CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety (bsc#1111177)

CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon (bsc#1099162)

CVE-2018-1128: Fixed signature check bypass in cephx (bsc#1096748)

CVE-2018-1129: Fixed replay attack in cephx protocol (bsc#1096748)

CVE-2018-16846: Enforced bounds on max-keys/max-uploads/max-parts in rgw

Non-security issues fixed: ceph-volume Python 3 fixes (bsc#1114567)

fix python3 module loading (bsc#1086613)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ceph fixes the following issues :

Security issues fixed :

  - CVE-2018-14662: mon: limit caps allowed to access the     config store (bsc#1111177)

  - CVE-2018-16846: rgw: enforce bounds on     max-keys/max-uploads/max-parts (bsc#1114710)

  - CVE-2018-16889: rgw: sanitize customer encryption keys     from log output in v4 auth (bsc#1121567)

Non-security issue fixed :

  - os/bluestore: avoid frequent allocator dump on bluefs     rebalance failure (bsc#1113246)

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Several vulnerabilities were discovered in Ceph, a distributed storage and file system.

CVE-2018-14662

It was found that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

CVE-2018-16846

It was found that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

For Debian 8 'Jessie', these problems have been fixed in version 0.80.7-2+deb8u3.

We recommend that you upgrade your ceph packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ceph fixes the following issues :

Security issues fixed :

CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177)

CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710)

CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567)

Non-security issue fixed: os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New release (1:12.2.11-1) notes=Security fix for CVE-2018-14662, CVE-2018-16846, CVE-2018-16889

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
136326	Photon OS 2.0: Ceph PHSA-2020-2.0-0237	Nessus	PhotonOS Local Security Checks	low
134777	EulerOS 2.0 SP8 : ceph (EulerOS-SA-2020-1285)	Nessus	Huawei Local Security Checks	low
128106	RHEL 7 : Red Hat Ceph Storage 3.3 (RHSA-2019:2538)	Nessus	Red Hat Local Security Checks	medium
126255	Ubuntu 16.04 LTS / 18.10 / 19.04 : Ceph vulnerabilities (USN-4035-1)	Nessus	Ubuntu Local Security Checks	medium
124358	openSUSE Security Update : ceph (openSUSE-2019-1284)	Nessus	SuSE Local Security Checks	medium
122809	SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2019:0586-1)	Nessus	SuSE Local Security Checks	medium
122742	openSUSE Security Update : ceph (openSUSE-2019-306)	Nessus	SuSE Local Security Checks	medium
122547	Debian DLA-1696-1 : ceph security update	Nessus	Debian Local Security Checks	low
122476	SUSE SLED12 / SLES12 Security Update : ceph (SUSE-SU-2019:0499-1)	Nessus	SuSE Local Security Checks	medium
122323	Fedora 29 : 1:ceph (2019-6a2e72916a)	Nessus	Fedora Local Security Checks	medium

CVE-2018-14662

LOW

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Tenable Plugins

low

low

medium

medium

medium

medium

medium

low

medium

medium