OESA-2022-1715

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1715
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1715.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1715
Upstream
Published
2022-06-17T11:03:53Z
Modified
2025-08-12T05:07:03.493287Z
Summary
ceph security update
Details

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.

Security Fix(es):

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20288)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / ceph

Package

Name
ceph
Purl
pkg:rpm/openEuler/ceph&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.2.8-22.oe1

Ecosystem specific

{
    "aarch64": [
        "librados-devel-12.2.8-22.oe1.aarch64.rpm",
        "ceph-common-12.2.8-22.oe1.aarch64.rpm",
        "ceph-radosgw-12.2.8-22.oe1.aarch64.rpm",
        "libcephfs2-12.2.8-22.oe1.aarch64.rpm",
        "librgw-devel-12.2.8-22.oe1.aarch64.rpm",
        "ceph-selinux-12.2.8-22.oe1.aarch64.rpm",
        "libradosstriper-devel-12.2.8-22.oe1.aarch64.rpm",
        "rbd-mirror-12.2.8-22.oe1.aarch64.rpm",
        "python-ceph-compat-12.2.8-22.oe1.aarch64.rpm",
        "ceph-test-12.2.8-22.oe1.aarch64.rpm",
        "ceph-mds-12.2.8-22.oe1.aarch64.rpm",
        "python-rgw-12.2.8-22.oe1.aarch64.rpm",
        "ceph-osd-12.2.8-22.oe1.aarch64.rpm",
        "libradosstriper1-12.2.8-22.oe1.aarch64.rpm",
        "python-cephfs-12.2.8-22.oe1.aarch64.rpm",
        "rbd-nbd-12.2.8-22.oe1.aarch64.rpm",
        "python3-rados-12.2.8-22.oe1.aarch64.rpm",
        "libcephfs-devel-12.2.8-22.oe1.aarch64.rpm",
        "python3-rgw-12.2.8-22.oe1.aarch64.rpm",
        "librgw2-12.2.8-22.oe1.aarch64.rpm",
        "python3-rbd-12.2.8-22.oe1.aarch64.rpm",
        "ceph-debuginfo-12.2.8-22.oe1.aarch64.rpm",
        "librbd1-12.2.8-22.oe1.aarch64.rpm",
        "librbd-devel-12.2.8-22.oe1.aarch64.rpm",
        "ceph-mon-12.2.8-22.oe1.aarch64.rpm",
        "python-rados-12.2.8-22.oe1.aarch64.rpm",
        "librados2-12.2.8-22.oe1.aarch64.rpm",
        "ceph-mgr-12.2.8-22.oe1.aarch64.rpm",
        "python3-cephfs-12.2.8-22.oe1.aarch64.rpm",
        "python3-ceph-argparse-12.2.8-22.oe1.aarch64.rpm",
        "rbd-fuse-12.2.8-22.oe1.aarch64.rpm",
        "ceph-debugsource-12.2.8-22.oe1.aarch64.rpm",
        "python-rbd-12.2.8-22.oe1.aarch64.rpm",
        "ceph-base-12.2.8-22.oe1.aarch64.rpm",
        "ceph-fuse-12.2.8-22.oe1.aarch64.rpm",
        "ceph-12.2.8-22.oe1.aarch64.rpm",
        "ceph-resource-agents-12.2.8-22.oe1.aarch64.rpm",
        "rados-objclass-devel-12.2.8-22.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "libcephfs2-12.2.8-22.oe1.x86_64.rpm",
        "librgw-devel-12.2.8-22.oe1.x86_64.rpm",
        "python3-cephfs-12.2.8-22.oe1.x86_64.rpm",
        "python3-rgw-12.2.8-22.oe1.x86_64.rpm",
        "python-cephfs-12.2.8-22.oe1.x86_64.rpm",
        "python3-ceph-argparse-12.2.8-22.oe1.x86_64.rpm",
        "rados-objclass-devel-12.2.8-22.oe1.x86_64.rpm",
        "ceph-base-12.2.8-22.oe1.x86_64.rpm",
        "ceph-osd-12.2.8-22.oe1.x86_64.rpm",
        "ceph-radosgw-12.2.8-22.oe1.x86_64.rpm",
        "librados2-12.2.8-22.oe1.x86_64.rpm",
        "rbd-mirror-12.2.8-22.oe1.x86_64.rpm",
        "python3-rbd-12.2.8-22.oe1.x86_64.rpm",
        "ceph-12.2.8-22.oe1.x86_64.rpm",
        "python-ceph-compat-12.2.8-22.oe1.x86_64.rpm",
        "python-rados-12.2.8-22.oe1.x86_64.rpm",
        "libradosstriper1-12.2.8-22.oe1.x86_64.rpm",
        "libradosstriper-devel-12.2.8-22.oe1.x86_64.rpm",
        "ceph-debuginfo-12.2.8-22.oe1.x86_64.rpm",
        "python-rbd-12.2.8-22.oe1.x86_64.rpm",
        "ceph-mds-12.2.8-22.oe1.x86_64.rpm",
        "python-rgw-12.2.8-22.oe1.x86_64.rpm",
        "librgw2-12.2.8-22.oe1.x86_64.rpm",
        "ceph-fuse-12.2.8-22.oe1.x86_64.rpm",
        "ceph-common-12.2.8-22.oe1.x86_64.rpm",
        "librbd-devel-12.2.8-22.oe1.x86_64.rpm",
        "rbd-fuse-12.2.8-22.oe1.x86_64.rpm",
        "librbd1-12.2.8-22.oe1.x86_64.rpm",
        "ceph-resource-agents-12.2.8-22.oe1.x86_64.rpm",
        "ceph-debugsource-12.2.8-22.oe1.x86_64.rpm",
        "ceph-mon-12.2.8-22.oe1.x86_64.rpm",
        "python3-rados-12.2.8-22.oe1.x86_64.rpm",
        "rbd-nbd-12.2.8-22.oe1.x86_64.rpm",
        "ceph-selinux-12.2.8-22.oe1.x86_64.rpm",
        "ceph-mgr-12.2.8-22.oe1.x86_64.rpm",
        "librados-devel-12.2.8-22.oe1.x86_64.rpm",
        "libcephfs-devel-12.2.8-22.oe1.x86_64.rpm",
        "ceph-test-12.2.8-22.oe1.x86_64.rpm"
    ],
    "src": [
        "ceph-12.2.8-22.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / ceph

Package

Name
ceph
Purl
pkg:rpm/openEuler/ceph&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.2.8-22.oe1

Ecosystem specific

{
    "aarch64": [
        "ceph-mds-12.2.8-22.oe1.aarch64.rpm",
        "ceph-common-12.2.8-22.oe1.aarch64.rpm",
        "ceph-radosgw-12.2.8-22.oe1.aarch64.rpm",
        "librgw2-12.2.8-22.oe1.aarch64.rpm",
        "ceph-mgr-12.2.8-22.oe1.aarch64.rpm",
        "python-rados-12.2.8-22.oe1.aarch64.rpm",
        "ceph-osd-12.2.8-22.oe1.aarch64.rpm",
        "python-rbd-12.2.8-22.oe1.aarch64.rpm",
        "ceph-selinux-12.2.8-22.oe1.aarch64.rpm",
        "python3-rados-12.2.8-22.oe1.aarch64.rpm",
        "librbd1-12.2.8-22.oe1.aarch64.rpm",
        "librados2-12.2.8-22.oe1.aarch64.rpm",
        "python3-ceph-argparse-12.2.8-22.oe1.aarch64.rpm",
        "libradosstriper1-12.2.8-22.oe1.aarch64.rpm",
        "librbd-devel-12.2.8-22.oe1.aarch64.rpm",
        "librados-devel-12.2.8-22.oe1.aarch64.rpm",
        "python-ceph-compat-12.2.8-22.oe1.aarch64.rpm",
        "ceph-resource-agents-12.2.8-22.oe1.aarch64.rpm",
        "ceph-debugsource-12.2.8-22.oe1.aarch64.rpm",
        "ceph-debuginfo-12.2.8-22.oe1.aarch64.rpm",
        "python-cephfs-12.2.8-22.oe1.aarch64.rpm",
        "libcephfs-devel-12.2.8-22.oe1.aarch64.rpm",
        "python3-cephfs-12.2.8-22.oe1.aarch64.rpm",
        "libradosstriper-devel-12.2.8-22.oe1.aarch64.rpm",
        "ceph-fuse-12.2.8-22.oe1.aarch64.rpm",
        "rbd-nbd-12.2.8-22.oe1.aarch64.rpm",
        "libcephfs2-12.2.8-22.oe1.aarch64.rpm",
        "python3-rgw-12.2.8-22.oe1.aarch64.rpm",
        "librgw-devel-12.2.8-22.oe1.aarch64.rpm",
        "ceph-12.2.8-22.oe1.aarch64.rpm",
        "rados-objclass-devel-12.2.8-22.oe1.aarch64.rpm",
        "ceph-mon-12.2.8-22.oe1.aarch64.rpm",
        "python-rgw-12.2.8-22.oe1.aarch64.rpm",
        "ceph-test-12.2.8-22.oe1.aarch64.rpm",
        "rbd-fuse-12.2.8-22.oe1.aarch64.rpm",
        "python3-rbd-12.2.8-22.oe1.aarch64.rpm",
        "rbd-mirror-12.2.8-22.oe1.aarch64.rpm",
        "ceph-base-12.2.8-22.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "ceph-mgr-12.2.8-22.oe1.x86_64.rpm",
        "python3-rbd-12.2.8-22.oe1.x86_64.rpm",
        "libcephfs2-12.2.8-22.oe1.x86_64.rpm",
        "ceph-mds-12.2.8-22.oe1.x86_64.rpm",
        "python3-rados-12.2.8-22.oe1.x86_64.rpm",
        "python3-cephfs-12.2.8-22.oe1.x86_64.rpm",
        "ceph-radosgw-12.2.8-22.oe1.x86_64.rpm",
        "ceph-osd-12.2.8-22.oe1.x86_64.rpm",
        "python3-rgw-12.2.8-22.oe1.x86_64.rpm",
        "python-cephfs-12.2.8-22.oe1.x86_64.rpm",
        "ceph-test-12.2.8-22.oe1.x86_64.rpm",
        "ceph-base-12.2.8-22.oe1.x86_64.rpm",
        "libradosstriper-devel-12.2.8-22.oe1.x86_64.rpm",
        "libradosstriper1-12.2.8-22.oe1.x86_64.rpm",
        "rbd-fuse-12.2.8-22.oe1.x86_64.rpm",
        "ceph-common-12.2.8-22.oe1.x86_64.rpm",
        "ceph-debugsource-12.2.8-22.oe1.x86_64.rpm",
        "librbd1-12.2.8-22.oe1.x86_64.rpm",
        "librados2-12.2.8-22.oe1.x86_64.rpm",
        "python-rbd-12.2.8-22.oe1.x86_64.rpm",
        "python-ceph-compat-12.2.8-22.oe1.x86_64.rpm",
        "ceph-fuse-12.2.8-22.oe1.x86_64.rpm",
        "libcephfs-devel-12.2.8-22.oe1.x86_64.rpm",
        "python-rgw-12.2.8-22.oe1.x86_64.rpm",
        "python3-ceph-argparse-12.2.8-22.oe1.x86_64.rpm",
        "ceph-mon-12.2.8-22.oe1.x86_64.rpm",
        "rbd-mirror-12.2.8-22.oe1.x86_64.rpm",
        "ceph-resource-agents-12.2.8-22.oe1.x86_64.rpm",
        "rbd-nbd-12.2.8-22.oe1.x86_64.rpm",
        "ceph-12.2.8-22.oe1.x86_64.rpm",
        "librbd-devel-12.2.8-22.oe1.x86_64.rpm",
        "librgw2-12.2.8-22.oe1.x86_64.rpm",
        "python-rados-12.2.8-22.oe1.x86_64.rpm",
        "ceph-selinux-12.2.8-22.oe1.x86_64.rpm",
        "ceph-debuginfo-12.2.8-22.oe1.x86_64.rpm",
        "librados-devel-12.2.8-22.oe1.x86_64.rpm",
        "librgw-devel-12.2.8-22.oe1.x86_64.rpm",
        "rados-objclass-devel-12.2.8-22.oe1.x86_64.rpm"
    ],
    "src": [
        "ceph-12.2.8-22.oe1.src.rpm"
    ]
}