Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2021-20288: update ceph clients to v15.2.11 #1995

Closed
gman0 opened this issue Apr 20, 2021 · 3 comments
Closed

CVE-2021-20288: update ceph clients to v15.2.11 #1995

gman0 opened this issue Apr 20, 2021 · 3 comments
Assignees
@Madhu-1
Labels
component/build Issues and PRs related to compiling Ceph-CSI dependency/ceph depends on core Ceph functionality
Milestone
release-3.3.1

Comments

@gman0
Copy link
Contributor

gman0 commented Apr 20, 2021

The latest ceph-csi images v3.3.0 contain ceph version 15.2.10 (27917a557cca91e4da407489bbaa64ad4352cc02) octopus (stable). Just yesterday there was a security announcement CVE-2021-20288 and it's advised that all Octopus users upgrade to v15.2.11.

https://ceph.io/releases/v15-2-11-octopus-released/
@Madhu-1
Copy link
Collaborator

Madhu-1 commented Apr 20, 2021

the docker image is updated in docker hub

docker inspect ceph/ceph:v15 |grep CEPH_POINT_RELEASE
                "CEPH_POINT_RELEASE=-15.2.11",
                "CEPH_POINT_RELEASE": "-15.2.11",
                "CEPH_POINT_RELEASE=-15.2.11",
                "CEPH_POINT_RELEASE": "-15.2.11",

next cephcsi release 3.3.1 should use 15.2.11 as the base image

@Madhu-1 Madhu-1 self-assigned this Apr 20, 2021
@Madhu-1 Madhu-1 added component/build Issues and PRs related to compiling Ceph-CSI dependency/ceph depends on core Ceph functionality labels Apr 20, 2021
@nixpanic nixpanic added this to the release-3.3.1 milestone Apr 20, 2021
@nixpanic
Copy link
Member

More details at https://docs.ceph.com/en/latest/security/CVE-2021-20288/

This does not seem critical for the components that Ceph-CSI deploys. Warnings can get logged on the Ceph cluster until the Ceph-CSI clients have been updated.

hswong3i added a commit to alvistack/ansible-role-ceph_mon that referenced this issue Apr 21, 2021
@hswong3i
https://github.com/ceph/ceph-csi/issues/1995
82b2400
This was referenced Apr 22, 2021
Closed
Merged
@Madhu-1
Copy link
Collaborator

Madhu-1 commented Apr 22, 2021

Fixed in #2009

@Madhu-1 Madhu-1 closed this as completed Apr 22, 2021
@nixpanic nixpanic mentioned this issue May 10, 2021
Closed
@Rakshith-R Rakshith-R mentioned this issue Mar 24, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Madhu-1 Madhu-1

Labels
component/build Issues and PRs related to compiling Ceph-CSI dependency/ceph depends on core Ceph functionality
Projects
None yet
Milestone
release-3.3.1
Development

No branches or pull requests
3 participants
@nixpanic @gman0 @Madhu-1