From 39d12674b784a3422b4c70353733be054fac062a Mon Sep 17 00:00:00 2001 From: Zac Dover Date: Mon, 10 Oct 2022 00:56:37 +1000 Subject: [PATCH] doc/releases: update pacific release notes This commit updates the Pacific release notes, which were not present until now. Signed-off-by: Zac Dover --- doc/architecture.rst | 2 +- doc/rados/operations/crush-map-edits.rst | 2 +- doc/rados/operations/crush-map.rst | 3 +- doc/releases/general.rst | 15 ++- doc/releases/pacific.rst | 35 ++++++ doc/releases/releases.yml | 26 +++++ doc/security/CVE-2022-0670.rst | 43 ++++++++ doc/security/cves.rst | 134 ++++++++++++----------- doc/start/hardware-recommendations.rst | 4 +- 9 files changed, 192 insertions(+), 72 deletions(-) create mode 100644 doc/security/CVE-2022-0670.rst diff --git a/doc/architecture.rst b/doc/architecture.rst index c7efe6d14c29..7d3fb703a905 100644 --- a/doc/architecture.rst +++ b/doc/architecture.rst @@ -1625,7 +1625,7 @@ instance for high availability. .. _Monitoring OSDs and PGs: ../rados/operations/monitoring-osd-pg .. _Heartbeats: ../rados/configuration/mon-osd-interaction .. _Monitoring OSDs: ../rados/operations/monitoring-osd-pg/#monitoring-osds -.. _CRUSH - Controlled, Scalable, Decentralized Placement of Replicated Data: https://ceph.com/wp-content/uploads/2016/08/weil-crush-sc06.pdf +.. _CRUSH - Controlled, Scalable, Decentralized Placement of Replicated Data: https://ceph.io/assets/pdfs/weil-crush-sc06.pdf .. _Data Scrubbing: ../rados/configuration/osd-config-ref#scrubbing .. _Report Peering Failure: ../rados/configuration/mon-osd-interaction#osds-report-peering-failure .. _Troubleshooting Peering Failure: ../rados/troubleshooting/troubleshooting-pg#placement-group-down-peering-failure diff --git a/doc/rados/operations/crush-map-edits.rst b/doc/rados/operations/crush-map-edits.rst index 51f671f230a3..e324e6345f60 100644 --- a/doc/rados/operations/crush-map-edits.rst +++ b/doc/rados/operations/crush-map-edits.rst 
@@ -744,4 +744,4 @@ Further, as noted above, be careful running old versions of the ``ceph-osd`` daemon after reverting to legacy values as the feature bit is not perfectly enforced. -.. _CRUSH - Controlled, Scalable, Decentralized Placement of Replicated Data: https://ceph.com/wp-content/uploads/2016/08/weil-crush-sc06.pdf +.. _CRUSH - Controlled, Scalable, Decentralized Placement of Replicated Data: https://ceph.io/assets/pdfs/weil-crush-sc06.pdf diff --git a/doc/rados/operations/crush-map.rst b/doc/rados/operations/crush-map.rst index f7eff35b736d..cc80666d43c3 100644 --- a/doc/rados/operations/crush-map.rst +++ b/doc/rados/operations/crush-map.rst @@ -953,8 +953,7 @@ release notes and documentation carefully before changing the profile on a running cluster, and consider throttling recovery/backfill parameters to limit the impact of a bolus of backfill. - -.. _CRUSH - Controlled, Scalable, Decentralized Placement of Replicated Data: https://ceph.com/wp-content/uploads/2016/08/weil-crush-sc06.pdf +.. _CRUSH - Controlled, Scalable, Decentralized Placement of Replicated Data: https://ceph.io/assets/pdfs/weil-crush-sc06.pdf Primary Affinity diff --git a/doc/releases/general.rst b/doc/releases/general.rst index be1ee9b4e910..000e67efb994 100644 --- a/doc/releases/general.rst +++ b/doc/releases/general.rst 
@@ -119,7 +119,20 @@ Detailed information on all releases, past and present, can be found at :ref:`ce Release timeline ---------------- -.. ceph_timeline:: releases.yml development octopus nautilus mimic luminous kraken jewel infernalis hammer giant firefly +.. ceph_timeline:: releases.yml development pacific octopus nautilus mimic luminous kraken jewel infernalis hammer giant + +.. _Pacific: ../pacific +.. _16.2.10: ../pacific#v16-2-10-pacific +.. _16.2.9: ../pacific#v16-2-9-pacific +.. _16.2.8: ../pacific#v16-2-8-pacific +.. _16.2.7: ../pacific#v16-2-7-pacific +.. _16.2.6: ../pacific#v16-2-6-pacific +.. _16.2.5: ../pacific#v16-2-5-pacific +.. _16.2.4: ../pacific#v16-2-4-pacific +.. _16.2.3: ../pacific#v16-2-3-pacific +.. _16.2.2: ../pacific#v16-2-2-pacific +.. _16.2.1: ../pacific#v16-2-1-pacific +.. _16.2.0: ../pacific#v16-2-0-pacific .. _Octopus: ../octopus .. _15.2.7: ../octopus#v15-2-7-octopus diff --git a/doc/releases/pacific.rst b/doc/releases/pacific.rst index 6f75246cd502..941d4ac22149 100644 --- a/doc/releases/pacific.rst +++ b/doc/releases/pacific.rst 
@@ -2,6 +2,41 @@ Pacific ======= +v16.2.10 Pacific +================ + +This is a hotfix release that resolves two security flaws. + +Notable Changes +--------------- +* Users who were running OpenStack Manila to export native CephFS, who + upgraded their Ceph cluster from Nautilus (or earlier) to a later + major version, were vulnerable to an attack by malicious users. The + vulnerability allowed users to obtain access to arbitrary portions of + the CephFS filesystem hierarchy, instead of being properly restricted + to their own subvolumes. The vulnerability is due to a bug in the + "volumes" plugin in Ceph Manager. This plugin is responsible for + managing Ceph File System subvolumes which are used by OpenStack + Manila services as a way to provide shares to Manila users. + + With this hotfix, the vulnerability is fixed. Administrators who are + concerned they may have been impacted should audit the CephX keys in + their cluster for proper path restrictions. + + Again, this vulnerability only impacts OpenStack Manila clusters which + provided native CephFS access to their users. + +* A regression made it possible to dereference a null pointer for + for s3website requests that don't refer to a bucket resulting in an RGW + segfault. + +Changelog +--------- +* mgr/volumes: Fix subvolume discover during upgrade (:ref:`CVE-2022-0670`, Kotresh HR) +* mgr/volumes: V2 Fix for test_subvolume_retain_snapshot_invalid_recreate (:ref:`CVE-2022-0670`, Kotresh HR) +* qa: validate subvolume discover on upgrade (Kotresh HR) +* rgw: s3website check for bucket before retargeting (Seena Fallah) + v16.2.9 Pacific =============== diff --git a/doc/releases/releases.yml b/doc/releases/releases.yml index 44cbfdcec93a..ae7767156554 100644 --- a/doc/releases/releases.yml +++ b/doc/releases/releases.yml 
@@ -12,6 +12,32 @@ # If a version might represent an actual number (e.g. 0.80) quote it. # releases: + pacific: + target_eol: 2023-06-01 + releases: + - version: 16.2.10 + released: 2022-07-21 + - version: 16.2.9 + released: 2022-05-19 + - version: 16.2.8 + released: 2022-05-16 + - version: 16.2.7 + released: 2021-12-14 + - version: 16.2.6 + released: 2021-09-16 + - version: 16.2.5 + released: 2021-07-08 + - version: 16.2.4 + released: 2021-05-13 + - version: 16.2.3 + released: 2021-05-06 + - version: 16.2.2 + released: 2021-05-05 + - version: 16.2.1 + released: 2021-04-19 + - version: 16.2.0 + released: 2021-03-31 + octopus: target_eol: 2022-06-01 releases: diff --git a/doc/security/CVE-2022-0670.rst b/doc/security/CVE-2022-0670.rst new file mode 100644 index 000000000000..557707fecea2 --- /dev/null +++ b/doc/security/CVE-2022-0670.rst 
@@ -0,0 +1,43 @@ +.. _CVE-2022-0670: + +CVE-2022-0670: Native-CephFS Manila Path-restriction bypass +=========================================================== + +Summary +------- + +Users who were running OpenStack Manila to export native CephFS, who +upgraded their Ceph cluster from Nautilus (or earlier) to a later +major version, were vulnerable to an attack by malicious users. The +vulnerability allowed users to obtain access to arbitrary portions of +the CephFS filesystem hierarchy, instead of being properly restricted +to their own subvolumes. The vulnerability is due to a bug in the +"volumes" plugin in Ceph Manager. This plugin is responsible for +managing Ceph File System subvolumes which are used by OpenStack +Manila services as a way to provide shares to Manila users. + +Again, this vulnerability only impacts OpenStack Manila clusters which +provided native CephFS access to their users. + +Affected versions +----------------- + +Any version of Ceph running OpenStack Manila that was upgraded from Nautilus +or earlier. + +Fixed versions +-------------- + +* Quincy v17.2.2 (and later) +* Pacific v16.2.10 (and later) +* Octopus fix is forthcoming + +Recommendations +--------------- + +#. Users should upgrade to a patched version of Ceph at their earliest + convenience. + +#. Administrators who are + concerned they may have been impacted should audit the CephX keys in + their cluster for proper path restrictions. diff --git a/doc/security/cves.rst b/doc/security/cves.rst index 223b61634fd4..8bbccbf64d6e 100644 --- a/doc/security/cves.rst +++ b/doc/security/cves.rst 
@@ -2,81 +2,85 @@ Past vulnerabilities ==================== -+------------+-------------------+-------------+--------------------------------------------+ -| Published | CVE | Severity | Summary | -+------------+-------------------+-------------+--------------------------------------------+ -| 2021-05-13 | `CVE-2021-3531`_ | Medium | Swift API denial of service | -+------------+-------------------+-------------+--------------------------------------------+ -| 2021-05-13 | `CVE-2021-3524`_ | Medium | HTTP header injects via CORS in RGW | -+------------+-------------------+-------------+--------------------------------------------+ -| 2021-05-13 | `CVE-2021-3509`_ | High | Dashboard XSS via token cookie | -+------------+-------------------+-------------+--------------------------------------------+ -| 2021-04-14 | `CVE-2021-20288`_ | High | Unauthorized global_id reuse in cephx | -+------------+-------------------+-------------+--------------------------------------------+ -| 2020-12-18 | `CVE-2020-27781`_ | 7.1 High | CephFS creds read/modified by Manila users | -+------------+-------------------+-------------+--------------------------------------------+ -| 2021-01-08 | `CVE-2020-25678`_ | 4.9 Medium | mgr module passwords in clear text | -+------------+-------------------+-------------+--------------------------------------------+ -| 2020-12-07 | `CVE-2020-25677`_ | 5.5 Medium | ceph-ansible iscsi-gateway.conf perm | -+------------+-------------------+-------------+--------------------------------------------+ -| 2020-11-23 | `CVE-2020-25660`_ | 8.8 High | Cephx replay vulnerability | -+------------+-------------------+-------------+--------------------------------------------+ -| 2020-04-22 | `CVE-2020-12059`_ | 7.5 High | malformed POST could crash RGW | -+------------+-------------------+-------------+--------------------------------------------+ -| 2020-06-26 | `CVE-2020-10753`_ | 6.5 Medium | HTTP header injects via CORS in RGW | 
-+------------+-------------------+-------------+--------------------------------------------+ -| 2020-06-22 | `CVE-2020-10736`_ | 8.0 High | authorization bypass in mon and mgr | -+------------+-------------------+-------------+--------------------------------------------+ -| 2020-04-23 | `CVE-2020-1760`_ | 6.1 Medium | potential RGW XSS attack | -+------------+-------------------+-------------+--------------------------------------------+ -| 2020-04-13 | `CVE-2020-1759`_ | 6.8 Medium | Cephx nonce reuse in secure mode | -+------------+-------------------+-------------+--------------------------------------------+ -| 2020-02-07 | `CVE-2020-1700`_ | 6.5 Medium | RGW disconnects leak sockets, can DoS | -+------------+-------------------+-------------+--------------------------------------------+ -| 2020-04-21 | `CVE-2020-1699`_ | 7.5 High | Dashboard path traversal flaw | -+------------+-------------------+-------------+--------------------------------------------+ -| 2019-12-23 | `CVE-2019-19337`_ | 6.5 Medium | RGW DoS via malformed headers | -+------------+-------------------+-------------+--------------------------------------------+ -| 2019-11-08 | `CVE-2019-10222`_ | 7.5 High | Invalid HTTP headers could crash RGW | -+------------+-------------------+-------------+--------------------------------------------+ -| 2019-03-27 | `CVE-2019-3821`_ | 7.5 High | RGW file descriptors could be exhausted | -+------------+-------------------+-------------+--------------------------------------------+ -| 2019-01-28 | `CVE-2018-16889`_ | 7.5 High | encryption keys logged in plaintext | -+------------+-------------------+-------------+--------------------------------------------+ -| 2019-01-15 | `CVE-2018-16846`_ | 6.5 Medium | authenticated RGW users can cause DoS | -+------------+-------------------+-------------+--------------------------------------------+ -| 2019-01-15 | `CVE-2018-14662`_ | 5.7 Medium | read-only users could steal dm-crypt keys | 
-+------------+-------------------+-------------+--------------------------------------------+ -| 2018-07-10 | `CVE-2018-10861`_ | 8.1 High | authenticated user can create/delete pools | -+------------+-------------------+-------------+--------------------------------------------+ -| 2018-03-19 | `CVE-2018-7262`_ | 7.5 High | malformed headers can cause RGW DoS | -+------------+-------------------+-------------+--------------------------------------------+ -| 2018-07-10 | `CVE-2018-1129`_ | 6.5 Medium | network MITM can tamper with messages | -+------------+-------------------+-------------+--------------------------------------------+ -| 2018-07-10 | `CVE-2018-1128`_ | 7.5 High | Cephx replay vulnerability | -+------------+-------------------+-------------+--------------------------------------------+ -| 2018-07-27 | `CVE-2017-7519`_ | 4.4 Medium | libradosstriper unvalidated format string | -+------------+-------------------+-------------+--------------------------------------------+ -| 2018-08-01 | `CVE-2016-9579`_ | 7.6 High | potential RGW XSS attack | -+------------+-------------------+-------------+--------------------------------------------+ -| 2018-07-31 | `CVE-2016-8626`_ | 6.5 Medium | malformed POST can DoS RGW | -+------------+-------------------+-------------+--------------------------------------------+ -| 2016-10-03 | `CVE-2016-7031`_ | 7.5 High | RGW unauthorized bucket listing | -+------------+-------------------+-------------+--------------------------------------------+ -| 2016-07-12 | `CVE-2016-5009`_ | 6.5 Medium | mon command handler DoS | -+------------+-------------------+-------------+--------------------------------------------+ -| 2016-12-03 | `CVE-2015-5245`_ | | RGW header injection | -+------------+-------------------+-------------+--------------------------------------------+ ++------------+-------------------+-------------+---------------------------------------------+ +| Published | CVE | Severity | Summary | 
++------------+-------------------+-------------+---------------------------------------------+ +| 2022-07-21 | `CVE-2022-0670`_ | Medium | Native-CephFS Manila Path-restriction bypass| ++------------+-------------------+-------------+---------------------------------------------+ +| 2021-05-13 | `CVE-2021-3531`_ | Medium | Swift API denial of service | ++------------+-------------------+-------------+---------------------------------------------+ +| 2021-05-13 | `CVE-2021-3524`_ | Medium | HTTP header injects via CORS in RGW | ++------------+-------------------+-------------+---------------------------------------------+ +| 2021-05-13 | `CVE-2021-3509`_ | High | Dashboard XSS via token cookie | ++------------+-------------------+-------------+---------------------------------------------+ +| 2021-04-14 | `CVE-2021-20288`_ | High | Unauthorized global_id reuse in cephx | ++------------+-------------------+-------------+---------------------------------------------+ +| 2020-12-18 | `CVE-2020-27781`_ | 7.1 High | CephFS creds read/modified by Manila users | ++------------+-------------------+-------------+---------------------------------------------+ +| 2021-01-08 | `CVE-2020-25678`_ | 4.9 Medium | mgr module passwords in clear text | ++------------+-------------------+-------------+---------------------------------------------+ +| 2020-12-07 | `CVE-2020-25677`_ | 5.5 Medium | ceph-ansible iscsi-gateway.conf perm | ++------------+-------------------+-------------+---------------------------------------------+ +| 2020-11-23 | `CVE-2020-25660`_ | 8.8 High | Cephx replay vulnerability | ++------------+-------------------+-------------+---------------------------------------------+ +| 2020-04-22 | `CVE-2020-12059`_ | 7.5 High | malformed POST could crash RGW | ++------------+-------------------+-------------+---------------------------------------------+ +| 2020-06-26 | `CVE-2020-10753`_ | 6.5 Medium | HTTP header injects via CORS in RGW | 
++------------+-------------------+-------------+---------------------------------------------+ +| 2020-06-22 | `CVE-2020-10736`_ | 8.0 High | authorization bypass in mon and mgr | ++------------+-------------------+-------------+---------------------------------------------+ +| 2020-04-23 | `CVE-2020-1760`_ | 6.1 Medium | potential RGW XSS attack | ++------------+-------------------+-------------+---------------------------------------------+ +| 2020-04-13 | `CVE-2020-1759`_ | 6.8 Medium | Cephx nonce reuse in secure mode | ++------------+-------------------+-------------+---------------------------------------------+ +| 2020-02-07 | `CVE-2020-1700`_ | 6.5 Medium | RGW disconnects leak sockets, can DoS | ++------------+-------------------+-------------+---------------------------------------------+ +| 2020-04-21 | `CVE-2020-1699`_ | 7.5 High | Dashboard path traversal flaw | ++------------+-------------------+-------------+---------------------------------------------+ +| 2019-12-23 | `CVE-2019-19337`_ | 6.5 Medium | RGW DoS via malformed headers | ++------------+-------------------+-------------+---------------------------------------------+ +| 2019-11-08 | `CVE-2019-10222`_ | 7.5 High | Invalid HTTP headers could crash RGW | ++------------+-------------------+-------------+---------------------------------------------+ +| 2019-03-27 | `CVE-2019-3821`_ | 7.5 High | RGW file descriptors could be exhausted | ++------------+-------------------+-------------+---------------------------------------------+ +| 2019-01-28 | `CVE-2018-16889`_ | 7.5 High | encryption keys logged in plaintext | ++------------+-------------------+-------------+---------------------------------------------+ +| 2019-01-15 | `CVE-2018-16846`_ | 6.5 Medium | authenticated RGW users can cause DoS | ++------------+-------------------+-------------+---------------------------------------------+ +| 2019-01-15 | `CVE-2018-14662`_ | 5.7 Medium | read-only users could steal dm-crypt keys | 
++------------+-------------------+-------------+---------------------------------------------+ +| 2018-07-10 | `CVE-2018-10861`_ | 8.1 High | authenticated user can create/delete pools | ++------------+-------------------+-------------+---------------------------------------------+ +| 2018-03-19 | `CVE-2018-7262`_ | 7.5 High | malformed headers can cause RGW DoS | ++------------+-------------------+-------------+---------------------------------------------+ +| 2018-07-10 | `CVE-2018-1129`_ | 6.5 Medium | network MITM can tamper with messages | ++------------+-------------------+-------------+---------------------------------------------+ +| 2018-07-10 | `CVE-2018-1128`_ | 7.5 High | Cephx replay vulnerability | ++------------+-------------------+-------------+---------------------------------------------+ +| 2018-07-27 | `CVE-2017-7519`_ | 4.4 Medium | libradosstriper unvalidated format string | ++------------+-------------------+-------------+---------------------------------------------+ +| 2018-08-01 | `CVE-2016-9579`_ | 7.6 High | potential RGW XSS attack | ++------------+-------------------+-------------+---------------------------------------------+ +| 2018-07-31 | `CVE-2016-8626`_ | 6.5 Medium | malformed POST can DoS RGW | ++------------+-------------------+-------------+---------------------------------------------+ +| 2016-10-03 | `CVE-2016-7031`_ | 7.5 High | RGW unauthorized bucket listing | ++------------+-------------------+-------------+---------------------------------------------+ +| 2016-07-12 | `CVE-2016-5009`_ | 6.5 Medium | mon command handler DoS | ++------------+-------------------+-------------+---------------------------------------------+ +| 2016-12-03 | `CVE-2015-5245`_ | | RGW header injection | ++------------+-------------------+-------------+---------------------------------------------+ .. toctree:: :hidden: :maxdepth: 0 + CVE-2022-0670 CVE-2021-3531 CVE-2021-3524 CVE-2021-3509 CVE-2021-20288 +.. _CVE-2022-0670: ../CVE-2022-0670 .. 
_CVE-2021-3531: ../CVE-2021-3531 .. _CVE-2021-3524: ../CVE-2021-3524 .. _CVE-2021-3509: ../CVE-2021-3509 diff --git a/doc/start/hardware-recommendations.rst b/doc/start/hardware-recommendations.rst index a4e1ef5e0868..bf8eca4ba5df 100644 --- a/doc/start/hardware-recommendations.rst +++ b/doc/start/hardware-recommendations.rst @@ -77,7 +77,7 @@ Metadata servers (ceph-mds) The metadata daemon memory utilization depends on how much memory its cache is configured to consume. We recommend 1 GB as a minimum for most systems. See -`mds_cache_memory_limit`. +``mds_cache_memory``. Memory ====== @@ -147,7 +147,7 @@ per gigabyte (i.e., $150 / 3072 = 0.0488). In the foregoing example, using the .. tip:: Running multiple OSDs on a single SAS / SATA drive is **NOT** a good idea. NVMe drives, however, can achieve - improved performance by being split into two more more OSDs. + improved performance by being split into two or more OSDs. .. tip:: Running an OSD and a monitor or a metadata server on a single drive is also **NOT** a good idea. -- 2.47.3
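Review bot: In doc/releases/general.rst, the rewritten ceph_timeline line adds "pacific" but also drops "firefly" from the end of the release list. The commit message does not mention that removal. If the timeline is meant to keep a fixed number of columns, say so in the commit message. Otherwise restore "firefly" so the only change on that line is the new release.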
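Review bot: In doc/releases/pacific.rst, the second Notable Changes bullet has a duplicated word across the line break ("dereference a null pointer for" followed by "for s3website requests"). Drop one "for". The intro also says the release "resolves two security flaws", but only the first bullet carries a CVE reference in the changelog. Either reference the advisory for the RGW segfault or call it a regression fix in the intro.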
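Review bot: In doc/security/CVE-2022-0670.rst, the second item under Recommendations tells administrators to "audit the CephX keys in their cluster for proper path restrictions" without saying what a properly restricted key looks like or how to list the keys. An advisory is where readers will look for that detail, so add a short example of a correctly path-restricted capability and of one that is too broad. Two smaller points: "Octopus fix is forthcoming" under Fixed versions will go stale and needs a follow-up, and "Again, ..." in the Summary reads as a leftover from the release-note text it was copied from.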
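Review bot: In doc/security/cves.rst, the new CVE-2022-0670 row ends with "Path-restriction bypass|", with no space before the closing pipe, while every other row keeps at least one space of padding. The Summary column was widened by one character, which reflowed the whole table, so widen it by one more (or shorten the summary) to keep the padding consistent. The new row also gives the severity as "Medium" with no score, while the 2020 and earlier rows include one. Add the score if it is available.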
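Review bot: In doc/start/hardware-recommendations.rst, the first hunk changes the option name as well as the markup: `mds_cache_memory_limit` becomes ``mds_cache_memory``, losing the "_limit" suffix. If the intent was only to switch to literal markup, keep the name as ``mds_cache_memory_limit`` so readers can look the option up. This hunk and the "two or more OSDs" typo fix are also unrelated to the Pacific release notes named in the subject line, so they would be easier to review and backport as a separate commit.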