安全漏洞

安全漏洞补丁公告

当前位置  >  首页  >  服务支持  >  安全漏洞  >  安全漏洞补丁公告

公告ID(KYSA-202101-0044

摘要:ceph安全漏洞 安全等级:重要 公告ID:KYSA-202101-0044 发布日期:2022-01-24 影响CVE: CVE-2020-10753、CVE-2020-10736、CVE-2020-25660

详细介绍

1.修复的CVE

    CVE-2020-10753

    Red Hat Ceph是美国红帽(Red Hat)公司的一套Linux PB级分布式文件系统。该系统的主要目标是设计成基于POSIX(可移植操作系统接口)的没有单点故障的分布式文件系统,使数据能容错和无缝的复制。

    Red Hat Ceph 3.x版本和4.x版本中的RadosGW存在注入漏洞。该漏洞源于用户输入构造命令、数据结构或记录的操作过程中,网络系统或产品缺乏对用户输入数据的正确验证,未过滤或未正确过滤掉其中的特殊元素,导致系统或产品产生解析或解释方式错误。

    CVE-2020-10736

    Red Hat Ceph是美国红帽(Red Hat)公司的一套Linux PB级分布式文件系统。该系统的主要目标是设计成基于POSIX(可移植操作系统接口)的没有单点故障的分布式文件系统,使数据能容错和无缝的复制。

    Red Hat Ceph 15.2.2之前的15.2.0版本中存在授权问题漏洞,该漏洞源于ceph-monceph-mgr守护进程没有正确限制访问。攻击者可利用该漏洞修改配置或可能发起进一步攻击。

    CVE-2020-25660

    Red Hat Ceph是美国红帽(Red Hat)公司的一套Linux PB级分布式文件系统。该系统的主要目标是设计成基于POSIX(可移植操作系统接口)的没有单点故障的分布式文件系统,使数据能容错和无缝的复制。

    ceph 14.2.5版本存在安全漏洞,该漏洞源于ceph无法正确验证客户端,攻击者都可以使用此漏洞向ceph服务进行身份验证,并执行ceph服务允许的操作。

2.影响的操作系统

    银河麒麟桌面操作系统V10 SP1

    

3.修复版本

    软件包:ceph

    15.2.7-0kylin0.20.04.2(V10 SP1)

    

4.受影响的软件包

    ·银河麒麟桌面操作系统V10 SP1

    ceph

    ceph-base

    ceph-common

    ceph-fuse

    ceph-immutable-object-cache

    ceph-mds

    ceph-mgr

    ceph-mgr-cephadm

    ceph-mgr-dashboard

    ceph-mgr-diskprediction-cloud

    ceph-mgr-diskprediction-local

    ceph-mgr-k8sevents

    ceph-mgr-modules-core

    ceph-mgr-rook

    ceph-mon

    ceph-osd

    ceph-resource-agents

    cephadm

    cephfs-shell

    libcephfs-dev

    libcephfs-java

    libcephfs-jni

    libcephfs2

    librados-dev

    librados2

    libradospp-dev

    libradosstriper-dev

    libradosstriper1

    librbd-dev

    librbd1

    librgw-dev

    librgw2

    python3-ceph

    python3-ceph-argparse

    python3-ceph-common

    python3-cephfs

    python3-rados

    python3-rbd

    python3-rgw

    rados-objclass-dev

    radosgw

    rbd-fuse

    rbd-mirror

    rbd-nbd

    

5.修复方法

方法一:配置源进行升级安装

    打开软件包源配置文件,根据仓库地址进行修改。

    4.0.2桌面版本:

    http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2-desktop main restricted universe multiverse

    4.0.2-sp1桌面版本:

    http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp1-desktop main restricted universe multiverse

    4.0.2-sp2桌面版本:

    http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp2-desktop main restricted universe multiverse

    4.0.2-sp3桌面版本:

    http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp3-desktop main restricted universe multiverse

    4.0.2-sp4桌面版本:

    http://archive.kylinos.cn/kylin/KYLIN-ALL 4.0.2sp4-desktop main restricted universe multiverse

    10.0版本:

    http://archive.kylinos.cn/kylin/KYLIN-ALL 10.0 main restricted universe multiverse

    10SP1版本:

    http://archive.kylinos.cn/kylin/KYLIN-ALL 10.1 main restricted universe multiverse

    配置完成后执行更新命令进行升级

    $sudo apt update

方法二:下载安装包进行升级安装

    通过软件包地址下载软件包,使用软件包升级命令根据受影响的组件包列表 升级相关的组件包。

    $dpkg -i Packagelists

    

6.软件包下载地址

银河麒麟操作系统桌面版V10 SP1

X86_64软件包下载地址

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-base_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-common_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-fuse_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-immutable-object-cache_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mds_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-cephadm_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-dashboard_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-diskprediction-cloud_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-diskprediction-local_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-k8sevents_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-modules-core_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-rook_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mon_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-osd_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-resource-agents_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/cephadm_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/cephfs-shell_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libcephfs-dev_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libcephfs-java_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libcephfs-jni_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libcephfs2_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/librados-dev_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/librados2_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libradospp-dev_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libradosstriper-dev_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libradosstriper1_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/librbd-dev_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/librbd1_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/librgw-dev_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/librgw2_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-ceph-argparse_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-ceph-common_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-ceph_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-cephfs_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-rados_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-rbd_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-rgw_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/rados-objclass-dev_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/radosgw_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/rbd-fuse_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/rbd-mirror_15.2.7-0kylin0.20.04.2_amd64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/rbd-nbd_15.2.7-0kylin0.20.04.2_amd64.deb

arm64软件包下载地址

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-base_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-common_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-immutable-object-cache_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mds_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-cephadm_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-dashboard_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-diskprediction-cloud_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-diskprediction-local_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-k8sevents_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-modules-core_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-rook_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mon_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-osd_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-resource-agents_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/cephadm_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/cephfs-shell_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libcephfs-dev_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libcephfs-java_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libcephfs-jni_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libcephfs2_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/librados-dev_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/librados2_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libradospp-dev_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libradosstriper-dev_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libradosstriper1_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/librbd-dev_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/librbd1_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/librgw-dev_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/librgw2_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-ceph-argparse_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-ceph-common_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-ceph_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-cephfs_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-rados_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-rbd_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-rgw_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/rados-objclass-dev_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/radosgw_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/rbd-fuse_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/rbd-mirror_15.2.7-0kylin0.20.04.2_arm64.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/rbd-nbd_15.2.7-0kylin0.20.04.2_arm64.deb

mips64el软件包下载地址

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-cephadm_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-dashboard_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-diskprediction-cloud_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-diskprediction-local_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-k8sevents_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-modules-core_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-mgr-rook_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/ceph-resource-agents_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/cephfs-shell_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/libcephfs-java_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-ceph-common_15.2.7-0kylin0.20.04.2_all.deb

http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/c/ceph/python3-ceph_15.2.7-0kylin0.20.04.2_all.deb


上一篇: KYSA-202101-0043 下一篇: KYSA-202101-0045

试用

服务

动态

联系