'[oss-security] Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service
From:       Ana McTaggart <amctagga () redhat ! com>
Date:       2021-05-17 19:34:12
Message-ID: CABBoStiNOoDZWc+ehgQSYDLaLSz0prSGR+fTS0wbuyCmB9muwQ () mail ! gmail ! com
[Download RAW message or body]


To clarify, the correct patch may be found in the following commit.
https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e

Ana McTaggart

Red Hat Product Security

Red Hat Remote <https://www.redhat.com>


secalert@redhat.com for urgent response


amct@redhat.com


M: +1 (774)279-0791 <7742790791>     IM: amctagga


Pronouns:They/Them/Theirs



On Fri, May 14, 2021 at 3:16 PM Ana McTaggart <amctagga@redhat.com> wrote:

> Hello,
> A flaw was found in the Red Hat Ceph Storage RGW. When processing a GET
> Request for a swift URL that ends with two slashes it can cause the rgw to
> crash, resulting in a denial of service.
>
> We have assigned it a CVE of CVE-2021-3531 and a patch is attached.
>
> Fixes may be found here:
>
> Nautilus:
> https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e
> Octopus:
> https://github.com/ceph/ceph/commit/b87e64e3206210580f4a6df2d77f9ae3f1033039
> Pacific:
> https://github.com/ceph/ceph/commit/bf06990ab41d7ac299e4441ad9cd434e926a18e7
>
> Ana McTaggart
>
> Red Hat Product Security
>
> Red Hat Remote <https://www.redhat.com>
>
>
> secalert@redhat.com for urgent response
>
>
> amct@redhat.com
>
>
> M: +1 (774)279-0791 <7742790791>     IM: amctagga
>
>
> Pronouns:They/Them/Theirs
>
>


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic