Test ID:	1.3.6.1.4.1.25623.1.1.10.2023.0139
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2023-0139)
Summary:	The remote host is missing an update for the 'ceph' package(s) announced via the MGASA-2023-0139 advisory.
Description:	Summary: The remote host is missing an update for the 'ceph' package(s) announced via the MGASA-2023-0139 advisory. Vulnerability Insight: Openstack manilla owning a Ceph File system 'share', enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the 'volumes' plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. (CVE-2022-0670) Privilege escalation and privileged information disclosure (CVE-2022-3650) Affected Software/OS: 'ceph' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 9.4 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-0670 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT/ https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/ Common Vulnerability Exposure (CVE) ID: CVE-2022-3650 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OEVVWT5ZFLYCVZNDJTDX7R6RY2W7JHP5/ https://security.gentoo.org/glsa/202312-10 https://seclists.org/oss-sec/2022/q4/41
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.