Main Vulnerability Database SB2022122122

SB2022122122 - SUSE update for ceph

Published: December 21, 2022

Security Bulletin ID SB2022122122

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-3979)

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to Ceph volume does not the honour osd_dmcrypt_key_size, resulting in the key length is being incorrectly passed in an encryption algorithm to create a non random key. An attacker with physical access to encrypted device can decrypt data and gain access to sensitive information.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2022/suse-su-20224501-1/

Vulnerable Software

SUSE Manager Proxy: 4.2
SUSE Manager Retail Branch Server: 4.2
SUSE Manager Server: 4.2
SUSE Linux Enterprise Micro: 5.1, 5.2
openSUSE Leap Micro: 5.2
SUSE Enterprise Storage: 7.1
SUSE Linux Enterprise Desktop: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP3
SUSE Linux Enterprise Server: 15-SP3
SUSE Linux Enterprise Server for SAP Applications: 15-SP3
openSUSE Leap: 15.3
libfmt8: before 8.0.1-150300.7.5.1
fmt-debugsource: before 8.0.1-150300.7.5.1
libfmt8-debuginfo: before 8.0.1-150300.7.5.1
rbd-mirror: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-mirror-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-fuse-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-fuse: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
rados-objclass-devel: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rgw-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rgw: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rbd-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rbd: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rados-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-rados: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-cephfs-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-cephfs: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-ceph-common: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
python3-ceph-argparse: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
librgw2-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
librgw-devel: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-nbd: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
rbd-nbd-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-grafana-dashboards: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-cephadm: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-dashboard: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-diskprediction-local: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-k8sevents: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-modules-core: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-rook: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-prometheus-alerts: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
cephadm: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-test: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-test-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-test-debugsource: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-debugsource: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
librados2: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
librados2-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd1: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd1-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-base: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-base-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-common: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-common-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-fuse: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-fuse-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-immutable-object-cache: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-immutable-object-cache-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mds: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mds-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
librgw2: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mgr-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mon: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-mon-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-osd: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-osd-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-radosgw: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
ceph-radosgw-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
cephfs-shell: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
libcephfs-devel: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
libcephfs2: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
libcephfs2-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
librados-devel: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
librados-devel-debuginfo: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
libradospp-devel: before 16.2.9.536+g41a9f9a5573-150300.6.3.1
librbd-devel: before 16.2.9.536+g41a9f9a5573-150300.6.3.1

SB2022122122 - SUSE update for ceph

Breakdown by Severity

Description

Remediation

References

Please verify you're human