SUSE update for ceph



Published: 2023-03-27
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2022-0670
CVE-2022-3650
CVE-2022-3854
CWE-ID CWE-264
CWE-276
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		SUSE Linux Enterprise Micro for Rancher
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop 15
Operating systems & Components / Operating system

Basesystem Module
Operating systems & Components / Operating system

openSUSE Leap Micro
Operating systems & Components / Operating system

SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

SUSE Manager Retail Branch Server
Operating systems & Components / Operating system

SUSE Manager Server
Operating systems & Components / Operating system

SUSE Manager Proxy
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

ceph-test-debugsource
Operating systems & Components / Operating system package or component

ceph-test-debuginfo
Operating systems & Components / Operating system package or component

ceph-test
Operating systems & Components / Operating system package or component

ceph-mgr-cephadm
Operating systems & Components / Operating system package or component

cephadm
Operating systems & Components / Operating system package or component

ceph-mgr-rook
Operating systems & Components / Operating system package or component

ceph-mgr-modules-core
Operating systems & Components / Operating system package or component

ceph-mgr-k8sevents
Operating systems & Components / Operating system package or component

ceph-mgr-dashboard
Operating systems & Components / Operating system package or component

ceph-grafana-dashboards
Operating systems & Components / Operating system package or component

ceph-mgr-diskprediction-local
Operating systems & Components / Operating system package or component

cephfs-top
Operating systems & Components / Operating system package or component

ceph-prometheus-alerts
Operating systems & Components / Operating system package or component

ceph-immutable-object-cache
Operating systems & Components / Operating system package or component

librados-devel-debuginfo
Operating systems & Components / Operating system package or component

ceph-radosgw
Operating systems & Components / Operating system package or component

python3-rados-debuginfo
Operating systems & Components / Operating system package or component

libcephfs-devel
Operating systems & Components / Operating system package or component

librgw2-debuginfo
Operating systems & Components / Operating system package or component

ceph-radosgw-debuginfo
Operating systems & Components / Operating system package or component

python3-rgw-debuginfo
Operating systems & Components / Operating system package or component

ceph-mon-debuginfo
Operating systems & Components / Operating system package or component

ceph-mon
Operating systems & Components / Operating system package or component

ceph-mgr
Operating systems & Components / Operating system package or component

libcephsqlite
Operating systems & Components / Operating system package or component

python3-rados
Operating systems & Components / Operating system package or component

libcephsqlite-debuginfo
Operating systems & Components / Operating system package or component

rbd-mirror-debuginfo
Operating systems & Components / Operating system package or component

libcephsqlite-devel
Operating systems & Components / Operating system package or component

librbd-devel
Operating systems & Components / Operating system package or component

rbd-mirror
Operating systems & Components / Operating system package or component

python3-rgw
Operating systems & Components / Operating system package or component

python3-rbd
Operating systems & Components / Operating system package or component

ceph-mds-debuginfo
Operating systems & Components / Operating system package or component

python3-ceph-common
Operating systems & Components / Operating system package or component

ceph-common
Operating systems & Components / Operating system package or component

ceph-immutable-object-cache-debuginfo
Operating systems & Components / Operating system package or component

rbd-nbd
Operating systems & Components / Operating system package or component

python3-cephfs-debuginfo
Operating systems & Components / Operating system package or component

libradospp-devel
Operating systems & Components / Operating system package or component

python3-cephfs
Operating systems & Components / Operating system package or component

ceph-osd-debuginfo
Operating systems & Components / Operating system package or component

ceph-mgr-debuginfo
Operating systems & Components / Operating system package or component

rbd-nbd-debuginfo
Operating systems & Components / Operating system package or component

libcephfs2-debuginfo
Operating systems & Components / Operating system package or component

cephfs-shell
Operating systems & Components / Operating system package or component

ceph-base
Operating systems & Components / Operating system package or component

ceph-common-debuginfo
Operating systems & Components / Operating system package or component

cephfs-mirror-debuginfo
Operating systems & Components / Operating system package or component

cephfs-mirror
Operating systems & Components / Operating system package or component

librados-devel
Operating systems & Components / Operating system package or component

librgw2
Operating systems & Components / Operating system package or component

ceph-base-debuginfo
Operating systems & Components / Operating system package or component

rbd-fuse
Operating systems & Components / Operating system package or component

rados-objclass-devel
Operating systems & Components / Operating system package or component

python3-rbd-debuginfo
Operating systems & Components / Operating system package or component

python3-ceph-argparse
Operating systems & Components / Operating system package or component

ceph-fuse
Operating systems & Components / Operating system package or component

ceph-fuse-debuginfo
Operating systems & Components / Operating system package or component

ceph-osd
Operating systems & Components / Operating system package or component

ceph
Operating systems & Components / Operating system package or component

libcephfs2
Operating systems & Components / Operating system package or component

ceph-mds
Operating systems & Components / Operating system package or component

librgw-devel
Operating systems & Components / Operating system package or component

rbd-fuse-debuginfo
Operating systems & Components / Operating system package or component

librbd1-debuginfo
Operating systems & Components / Operating system package or component

ceph-debugsource
Operating systems & Components / Operating system package or component

librados2-debuginfo
Operating systems & Components / Operating system package or component

librbd1
Operating systems & Components / Operating system package or component

librados2
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU66440

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0670

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to an error within the "volumes" plugin in Ceph Manager. The Openstack manilla owning a Ceph File system "share" enables the owner to read/write any manilla share or entire file system.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.3

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Linux Enterprise Desktop 15: SP4

Basesystem Module: 15-SP4

openSUSE Leap Micro: 5.3

SUSE Linux Enterprise Micro: 5.3

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

ceph-test-debugsource: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-test-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-test: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-cephadm: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephadm: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-rook: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-modules-core: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-k8sevents: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-dashboard: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-grafana-dashboards: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-diskprediction-local: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephfs-top: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-prometheus-alerts: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-immutable-object-cache: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librados-devel-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-radosgw: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rados-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephfs-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librgw2-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-radosgw-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rgw-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mon-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mon: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephsqlite: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rados: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephsqlite-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-mirror-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephsqlite-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librbd-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-mirror: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rgw: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rbd: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mds-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-ceph-common: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-common: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-immutable-object-cache-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-nbd: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-cephfs-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libradospp-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-cephfs: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-osd-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-nbd-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephfs2-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephfs-shell: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-base: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-common-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephfs-mirror-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephfs-mirror: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librados-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librgw2: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-base-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-fuse: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rados-objclass-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rbd-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-ceph-argparse: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-fuse: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-fuse-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-osd: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephfs2: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mds: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librgw-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-fuse-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librbd1-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-debugsource: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librados2-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librbd1: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librados2: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20231581-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Incorrect default permissions

EUVDB-ID: #VU72630

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3650

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to ceph-crash.service runs the ceph-crash Python script with root privileges. The script is operating in the directory /var/lib/ceph/crash which is controlled by the unprivileged ceph user. A local user can inject arbitrary data into the crash dump and force the privileged script to write that file into an arbitrary location on the system, resulting in privilege escalation.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.3

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Linux Enterprise Desktop 15: SP4

Basesystem Module: 15-SP4

openSUSE Leap Micro: 5.3

SUSE Linux Enterprise Micro: 5.3

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

ceph-test-debugsource: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-test-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-test: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-cephadm: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephadm: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-rook: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-modules-core: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-k8sevents: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-dashboard: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-grafana-dashboards: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-diskprediction-local: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephfs-top: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-prometheus-alerts: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-immutable-object-cache: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librados-devel-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-radosgw: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rados-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephfs-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librgw2-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-radosgw-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rgw-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mon-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mon: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephsqlite: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rados: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephsqlite-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-mirror-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephsqlite-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librbd-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-mirror: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rgw: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rbd: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mds-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-ceph-common: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-common: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-immutable-object-cache-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-nbd: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-cephfs-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libradospp-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-cephfs: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-osd-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-nbd-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephfs2-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephfs-shell: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-base: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-common-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephfs-mirror-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephfs-mirror: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librados-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librgw2: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-base-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-fuse: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rados-objclass-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rbd-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-ceph-argparse: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-fuse: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-fuse-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-osd: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephfs2: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mds: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librgw-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-fuse-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librbd1-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-debugsource: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librados2-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librbd1: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librados2: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20231581-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU74055

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3854

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling URL on RGW backends. A remote attacker can pass specially crafted URL to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro for Rancher: 5.3

SUSE Linux Enterprise Server for SAP Applications 15: SP4

SUSE Linux Enterprise Server 15: SP4

SUSE Linux Enterprise Real Time 15: SP4

SUSE Linux Enterprise High Performance Computing 15: SP4

SUSE Linux Enterprise Desktop 15: SP4

Basesystem Module: 15-SP4

openSUSE Leap Micro: 5.3

SUSE Linux Enterprise Micro: 5.3

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

openSUSE Leap: 15.4

ceph-test-debugsource: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-test-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-test: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-cephadm: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephadm: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-rook: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-modules-core: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-k8sevents: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-dashboard: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-grafana-dashboards: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-diskprediction-local: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephfs-top: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-prometheus-alerts: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-immutable-object-cache: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librados-devel-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-radosgw: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rados-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephfs-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librgw2-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-radosgw-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rgw-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mon-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mon: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephsqlite: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rados: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephsqlite-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-mirror-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephsqlite-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librbd-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-mirror: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rgw: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rbd: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mds-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-ceph-common: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-common: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-immutable-object-cache-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-nbd: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-cephfs-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libradospp-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-cephfs: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-osd-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mgr-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-nbd-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephfs2-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephfs-shell: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-base: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-common-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephfs-mirror-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

cephfs-mirror: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librados-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librgw2: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-base-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-fuse: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rados-objclass-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-rbd-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

python3-ceph-argparse: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-fuse: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-fuse-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-osd: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

libcephfs2: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-mds: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librgw-devel: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

rbd-fuse-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librbd1-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

ceph-debugsource: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librados2-debuginfo: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librbd1: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

librados2: before 16.2.11.58+g38d6afd3b78-150400.3.6.1

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20231581-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###