Bug 2293103 - CVE-2023-29405 golang: cmd/cgo: Arbitrary code execution triggered by linker flags [ceph-5]
Summary: CVE-2023-29405 golang: cmd/cgo: Arbitrary code execution triggered by linker...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: Security
Version: 3.3
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: urgent
Target Milestone: ---
Target Release: 5.3z7
Assignee: Sage McTaggart
QA Contact: Vinayak Papnoi
URL:
Whiteboard: component:golang
Depends On: 2217615
Blocks: CVE-2023-29405
Reported: 2024-06-19 17:37 UTC by Sage McTaggart
Modified: 2024-06-26 09:23 UTC

Fixed In Version: ceph-16.2.10-266.el8cp
Doc Type: No Doc Update
Doc Text:
Clone Of: 2217615
Environment:
Last Closed: 2024-06-26 09:22:58 UTC
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHCEPH-9198 0 None None None 2024-06-19 17:37:57 UTC
Red Hat Product Errata RHSA-2024:4119 0 None None None 2024-06-26 09:23:06 UTC

Description Sage McTaggart 2024-06-19 17:37:15 UTC
+++ This bug was initially created as a clone of Bug #2217615 +++

ceph-5 tracking bug for golang: see the bugs linked in the "Blocks" field of this bug for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes in the blocked bugs.

Impact: Critical
Reported Date: 08-Jun-2023
Resolve Bug By: 15-Jun-2023

In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then.

Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9kKpDw


This is fixed in 5.3z7.

Comment 7 errata-xmlrpc 2024-06-26 09:22:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Updated rhceph-5.3 container image and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:4119

