CVE-2021-3509

Red Hat OpenStack Platform deployments use the ceph package directly from the Ceph channel; the RHOSP package will not be updated at this time. Red Hat OpenShift Container Storage (RHOCS) 4 shipped ceph package for the usage of RHOCS 4.2 only which has reached End of Life. The shipped version of ceph package is neither used nor supported with the release of RHOCS 4.3. Red Hat Ceph Storage (RHCS) 4 ships a version of ceph which has not been patched for CVE-2020-27839, and therefore, although not vulnerable to this specific flaw, would be vulnerable if CVE-2020-27839 were to be patched without recognition of the flaw. Red Hat Enterprise Linux 8 is not affected by this flaw as it does not include the ceph dashboard component.

Red Hat OpenStack Platform deployments use the ceph package directly from the Ceph channel; the RHOSP package will not be updated at this time. Red Hat OpenShift Container Storage (RHOCS) 4 shipped ceph package for the usage of RHOCS 4.2 only which has reached End of Life. The shipped version of ceph package is neither used nor supported with the release of RHOCS 4.3.

Red Hat Ceph Storage (RHCS) 4 ships a version of ceph which has not been patched for CVE-2020-27839, and therefore, although not vulnerable to this specific flaw, would be vulnerable if CVE-2020-27839 were to be patched without recognition of the flaw.

Red Hat Enterprise Linux 8 is not affected by this flaw as it does not include the ceph dashboard component.