Detections
Analytics
RHEL 7 : Red Hat Ceph Storage (RHSA-2016:2815)
medium Nessus Plugin ID 110330
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
An update is now available for Red Hat Ceph Storage 2.1 that fix one security issue, multiple bugs, and add various enhancements. This erratum is applicable for Red Hat Ceph Storage that runs on RHEL 7.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
The following packages have been upgraded to a newer upstream version:
ceph (10.2.3), ceph-deploy (1.5.36), calamari-server (1.4.9), nfs-ganesha (2.4.0), ceph-iscsi-config (1.5), libntirpc (1.4.1), ceph-iscsi-tools (1.1). (BZ# 1340004, BZ#1349999)
Security Fix(es) :
* A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests.
(CVE-2016-8626)
Bug Fix(es) and Enhancement(s) :
For detailed information on changes in this release, see the Red Hat Ceph Storage 2.1 Release Notes available at :
https://access.redhat.com/documentation/en/red-hat-ceph-storage/2.1/si ngle/ release-notes/
All users of Red Hat Ceph Storage are advised to upgrade to these updated packages.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 110330
File Name: redhat-RHSA-2016-2815.nasl
Version: 1.7
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 6/6/2018
Updated: 10/24/2019
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:librgw2-devel, p-cpe:/a:redhat:enterprise_linux:nfs-ganesha, p-cpe:/a:redhat:enterprise_linux:nfs-ganesha-debuginfo, p-cpe:/a:redhat:enterprise_linux:nfs-ganesha-rgw, p-cpe:/a:redhat:enterprise_linux:python-cephfs, p-cpe:/a:redhat:enterprise_linux:python-rados, p-cpe:/a:redhat:enterprise_linux:python-rbd, p-cpe:/a:redhat:enterprise_linux:rbd-mirror, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:ceph-base, p-cpe:/a:redhat:enterprise_linux:ceph-common, p-cpe:/a:redhat:enterprise_linux:ceph-debuginfo, p-cpe:/a:redhat:enterprise_linux:ceph-deploy, p-cpe:/a:redhat:enterprise_linux:ceph-fuse, p-cpe:/a:redhat:enterprise_linux:ceph-iscsi-config, p-cpe:/a:redhat:enterprise_linux:ceph-iscsi-tools, p-cpe:/a:redhat:enterprise_linux:ceph-mds, p-cpe:/a:redhat:enterprise_linux:ceph-radosgw, p-cpe:/a:redhat:enterprise_linux:ceph-selinux, p-cpe:/a:redhat:enterprise_linux:libcephfs1, p-cpe:/a:redhat:enterprise_linux:libcephfs1-devel, p-cpe:/a:redhat:enterprise_linux:libntirpc, p-cpe:/a:redhat:enterprise_linux:libntirpc-debuginfo, p-cpe:/a:redhat:enterprise_linux:librados2, p-cpe:/a:redhat:enterprise_linux:librados2-devel, p-cpe:/a:redhat:enterprise_linux:librbd1, p-cpe:/a:redhat:enterprise_linux:librbd1-devel, p-cpe:/a:redhat:enterprise_linux:librgw2
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 3/17/2017
Vulnerability Publication Date: 7/31/2018
Reference Information
CVE: CVE-2016-8626
RHSA: 2016:2815