NS-SA-2026-0039
2026-03-27 21:27:27
简介
important: ceph/tongsuo security update
严重级别
important
主题
An update for ceph/tongsuo is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
详细描述
ceph:
tongsuo:
Security Fix(es):
ceph: A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm (alg). This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid tokens without a signature.(CVE-2024-48916)
ceph: bugfix
tongsuo: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.(CVE-2025-9230)
tongsuo: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.06B7.
影响组件
影响产品
更新包
{"fix":[{"product":"CGSL MAIN 7.02","pkgs":[{"binary":["rbd-nbd-17.2.5-5.zncgsl7.11.x86_64.rpm","rbd-fuse-17.2.5-5.zncgsl7.11.x86_64.rpm","rados-objclass-devel-17.2.5-5.zncgsl7.11.x86_64.rpm","rbd-mirror-17.2.5-5.zncgsl7.11.x86_64.rpm","python3-rgw-17.2.5-5.zncgsl7.11.x86_64.rpm","python3-rbd-17.2.5-5.zncgsl7.11.x86_64.rpm","python3-rados-17.2.5-5.zncgsl7.11.x86_64.rpm","python3-cephfs-17.2.5-5.zncgsl7.11.x86_64.rpm","python3-ceph-common-17.2.5-5.zncgsl7.11.x86_64.rpm","python3-ceph-argparse-17.2.5-5.zncgsl7.11.x86_64.rpm","librgw-devel-17.2.5-5.zncgsl7.11.x86_64.rpm","librbd-devel-17.2.5-5.zncgsl7.11.x86_64.rpm","librgw2-17.2.5-5.zncgsl7.11.x86_64.rpm","libradosstriper-devel-17.2.5-5.zncgsl7.11.x86_64.rpm","libradosstriper1-17.2.5-5.zncgsl7.11.x86_64.rpm","librbd1-17.2.5-5.zncgsl7.11.x86_64.rpm","librados-devel-17.2.5-5.zncgsl7.11.x86_64.rpm","libradospp-devel-17.2.5-5.zncgsl7.11.x86_64.rpm","librados2-17.2.5-5.zncgsl7.11.x86_64.rpm","libcephsqlite-17.2.5-5.zncgsl7.11.x86_64.rpm","libcephfs-devel-17.2.5-5.zncgsl7.11.x86_64.rpm","libcephsqlite-devel-17.2.5-5.zncgsl7.11.x86_64.rpm","libcephfs2-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-resource-agents-17.2.5-5.zncgsl7.11.noarch.rpm","cephfs-shell-17.2.5-5.zncgsl7.11.x86_64.rpm","cephfs-top-17.2.5-5.zncgsl7.11.noarch.rpm","ceph-volume-17.2.5-5.zncgsl7.11.noarch.rpm","cephadm-17.2.5-5.zncgsl7.11.noarch.rpm","cephfs-mirror-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-mon-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-mgr-rook-17.2.5-5.zncgsl7.11.noarch.rpm","ceph-prometheus-alerts-17.2.5-5.zncgsl7.11.noarch.rpm","ceph-mgr-cephadm-17.2.5-5.zncgsl7.11.noarch.rpm","ceph-mgr-modules-core-17.2.5-5.zncgsl7.11.noarch.rpm","ceph-selinux-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-mgr-k8sevents-17.2.5-5.zncgsl7.11.noarch.rpm","ceph-grafana-dashboards-17.2.5-5.zncgsl7.11.noarch.rpm","ceph-fuse-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-exporter-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-immutable-object-cache-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-mgr-dashboard-17.2.5-5.zncgsl7.11.noarch.rpm","ceph-mds-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-mgr-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-base-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-mgr-diskprediction-local-17.2.5-5.zncgsl7.11.noarch.rpm","ceph-radosgw-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-osd-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-common-17.2.5-5.zncgsl7.11.x86_64.rpm","ceph-test-17.2.5-5.zncgsl7.11.x86_64.rpm"],"source":"ceph-17.2.5-5.zncgsl7.11.src.rpm"},{"binary":["tongsuo-core-8.3.3-5.zncgsl7.23.x86_64.rpm","tongsuo-8.3.3-5.zncgsl7.23.x86_64.rpm"],"source":"tongsuo-8.3.3-5.zncgsl7.23.src.rpm"}]}]}
CVE
参考