Bug 2293103

Summary: CVE-2023-29405 golang: cmd/cgo: Arbitratry code execution triggered by linker flags [ceph-5]
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Sage McTaggart <amctagga>
Component: SecurityAssignee: Sage McTaggart <amctagga>
Status: CLOSED ERRATA QA Contact: Vinayak Papnoi <vpapnoi>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 3.3CC: amctagga, aoconnor, bniver, ceph-eng-bugs, cephqe-warriors, flucifre, gmeno, mbenjamin, mhackett, psampaio, sostapov, tserlin, vdas, vereddy, vpapnoi
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: 5.3z7   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: component:golang
Fixed In Version: ceph-16.2.10-266.el8cp Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 2217615 Environment:
Last Closed: 2024-06-26 09:22:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2217615    
Bug Blocks: 2217569    

Description Sage McTaggart 2024-06-19 17:37:15 UTC 
+++ This bug was initially created as a clone of Bug #2217615 +++

ceph-5 tracking bug for golang: see the bugs linked in the "Blocks" field of this bug for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes in the blocked bugs.

Impact: Critical
Reported Date: 08-Jun-2023
Resolve Bug By: 15-Jun-2023

In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then.

Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9kKpDw


this is fixed in 5.3z7
Comment 7 errata-xmlrpc 2024-06-26 09:22:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Updated rhceph-5.3 container image and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:4119