librados2 security updates not included in base RHEL7 channel

Solution Unverified - Updated -

Issue

  • In base RHEL7 (rhel-7-server-rpms), the latest version of librados2 is 0.94.5-1. There have been multiple security updates to librados2 in the Ceph 1.3 and Ceph 2 storage channels, but not the base RHEL7 channel. Since librados2 is a requirement for device-mapper-multipath-libs, we need this library for systems that use multipath. Our vulnerability scanner is reporting that our librados2 library is out of date.

  • 0.94.5-1 - latest rhel-7-server-rpms
  • 0.94.9-9.el7cp - latest rhel-7-server-rhceph-1.3-tools-rpms
  • 10.2.5-37.el7cp - latest from rhel-7-server-rhceph-2-tools-rpms
  • Updates that are missing from base RHEL7:
    https://access.redhat.com/errata/RHSA-2016:2954 CVE-2016-9579 librados2-10.2.3-17.el7cp.x86_64.rpm
    https://access.redhat.com/errata/RHSA-2016:2847 CVE-2016-8626 librados2-0.94.9-8.el7cp.x86_64.rpm
    https://access.redhat.com/errata/RHSA-2016:2815 CVE-2016-8626 librados2-10.2.3-13.el7cp.x86_64.rpm
    https://access.redhat.com/errata/RHSA-2016:1972 CVE-2016-7031 librados2-0.94.9-3.el7cp.x86_64.rpm
    https://access.redhat.com/errata/RHSA-2016:1384 CVE-2016-5009 librados2-0.94.5-14.el7cp.x86_64.rpm

Environment

  • Red Hat Enterprise Linux 7.3
