RHEL 7 : Red Hat Ceph Storage 1.3.1 (RHSA-2015:2066)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Red Hat Ceph Storage 1.3.1 that fixes one security issue, multiple
bugs, and adds various enhancements is now available for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Red Hat Ceph Storage is a massively scalable, open, software-defined
storage platform that combines the most stable version of the Ceph
storage system with a Ceph management platform, deployment tools, and
support services.

A feature in Ceph Object Gateway (RGW) allows to return a specific
HTTP header that contains the name of a bucket that was accessed. It
was found that the returned HTTP headers were not sanitized. An
unauthenticated attacker could use this flaw to craft HTTP headers in
responses that would confuse the load balancer residing in front of
RGW, potentially resulting in a denial of service. (CVE-2015-5245)

The ceph packages have been upgraded to upstream version 0.94.3 and
the radosgw-agent packages have been upgraded to upstream version
1.2.3. The new versions provide a number of bug fixes and enhancements
over the previous versions. (BZ#1238415)

This update also fixes the following bugs :

* This update fixes various bugs in the Ceph monitor nodes and the
Ceph Object Storage Device (OSD) Daemons. (BZ#1219040, BZ#1223941,
BZ#1265973)

* With this update, when using the Civetweb server, the Ceph Object
Gateway no longer reports the full object size downloaded even though
the download was aborted in the middle. (BZ#1235845)

* The Civetweb server now correctly displays the HTTP return code in
the log files. (BZ#1245663)

* The Ceph Object Gateway now correctly assigns Access Control Lists
(ACL) to new objects created during the copy operation. (BZ#1253766)

* Under certain circumstances, copying an object onto itself (for
example, to change its metadata) produced a truncated object. The
truncated object had correct metadata, including the original size,
but the underlying RADOS object was smaller. Consequently, when a
client attempted to fetch the object, it received less data than
indicated by the Content-Length header, blocked for more, and
eventually timed out. This bug has been fixed, and the object can now
be read successfully in the aforementioned scenario. (BZ#1258618)

* The Ceph Object Gateway no longer requires the 'requiretty' setting
to be disabled in the sudoers configuration for the root user.
(BZ#1238521)

* In certain scenarios, when all acting set Ceph Object Storage Device
(OSD) Daemons for a placement group (PG) were restarted during the
backfill process, the OSDs failed to peer the PG. Now, the OSDs peer
the PGs as expected. (BZ#1223532)

In addition, this update adds the following enhancements :

* Administrators of the Ceph Object Gateway can now configure the
maximum number of buckets for users by using the new
'rgw_user_max_buckets' option in the Ceph configuration file.
(BZ#1254343)

* The suicide timeout option is now configurable. The option ensures
that poorly behaving OSDs self-terminate instead of running in
degraded states and slowing traffic. (BZ#1210825)

* The rhcs-installer package provides a new Foreman-based installer.
This update adds the new rhcs-installer package to Red Hat Ceph
Storage as a Technology Preview. (BZ#1213026, BZ#1213086, BZ#1220961)

More information about Red Hat Technology Previews is available here:
https://access.redhat.com/support/offerings/techpreview/

All Red Hat Ceph Storage users are advised to upgrade to this new
version, which corrects these issues and adds these enhancements.

See also :

http://rhn.redhat.com/errata/RHSA-2015-2066.html
https://www.redhat.com/security/data/cve/CVE-2015-5245.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 87043 ()

Bugtraq ID:

CVE ID: CVE-2015-5245

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now