An update for ceph is now available for HCE 3.0

HCE3-SA-2025-0077 An update for ceph is now available for HCE 3.0 Critical HCE 3.0 Security Fix(es): A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. (CVE-2022-3650) IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. (CVE-2023-46159) A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. (CVE-2021-3524) A flaw was found in rgw. This flaw allows an unprivileged user to write to any bucket(s) accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket accessible by the specified access key as long as the bucket in the POST policy matches the bucket in the said POST form part. (CVE-2023-43040) User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0. (CVE-2020-27781) A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2. (CVE-2022-0670) A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm (alg). This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid tokens without a signature. (CVE-2024-48916) A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. (CVE-2022-3854) It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. (CVE-2018-14662) HCE 3.0 libcephfs2-18.2.2-6.r1.hce3.x86_64.rpm libcephfs-devel-18.2.2-6.r1.hce3.x86_64.rpm libcephsqlite-18.2.2-6.r1.hce3.x86_64.rpm libcephsqlite-devel-18.2.2-6.r1.hce3.x86_64.rpm librados2-18.2.2-6.r1.hce3.x86_64.rpm libradospp-devel-18.2.2-6.r1.hce3.x86_64.rpm libradosstriper1-18.2.2-6.r1.hce3.x86_64.rpm libradosstriper-devel-18.2.2-6.r1.hce3.x86_64.rpm librados-devel-18.2.2-6.r1.hce3.x86_64.rpm librbd1-18.2.2-6.r1.hce3.x86_64.rpm librbd-devel-18.2.2-6.r1.hce3.x86_64.rpm librgw2-18.2.2-6.r1.hce3.x86_64.rpm librgw-devel-18.2.2-6.r1.hce3.x86_64.rpm rados-objclass-devel-18.2.2-6.r1.hce3.x86_64.rpm libcephfs2-18.2.2-6.r1.hce3.aarch64.rpm libcephfs-devel-18.2.2-6.r1.hce3.aarch64.rpm libcephsqlite-18.2.2-6.r1.hce3.aarch64.rpm libcephsqlite-devel-18.2.2-6.r1.hce3.aarch64.rpm librados2-18.2.2-6.r1.hce3.aarch64.rpm libradospp-devel-18.2.2-6.r1.hce3.aarch64.rpm libradosstriper1-18.2.2-6.r1.hce3.aarch64.rpm libradosstriper-devel-18.2.2-6.r1.hce3.aarch64.rpm librados-devel-18.2.2-6.r1.hce3.aarch64.rpm librbd1-18.2.2-6.r1.hce3.aarch64.rpm librbd-devel-18.2.2-6.r1.hce3.aarch64.rpm librgw2-18.2.2-6.r1.hce3.aarch64.rpm librgw-devel-18.2.2-6.r1.hce3.aarch64.rpm rados-objclass-devel-18.2.2-6.r1.hce3.aarch64.rpm