List: oss-security
Subject: [oss-security] Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service
From: Ana McTaggart <amctagga () redhat ! com>
Date: 2021-05-17 19:34:12
Message-ID: CABBoStiNOoDZWc+ehgQSYDLaLSz0prSGR+fTS0wbuyCmB9muwQ () mail ! gmail ! com
To clarify, the correct patch may be found in the following commit.
https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e
Ana McTaggart
Red Hat Product Security
Red Hat Remote <https://www.redhat.com>
secalert@redhat.com for urgent response
amct@redhat.com
M: +1 (774)279-0791 <7742790791> IM: amctagga
Pronouns:They/Them/Theirs
On Fri, May 14, 2021 at 3:16 PM Ana McTaggart <amctagga@redhat.com> wrote:
> Hello,
> A flaw was found in the Red Hat Ceph Storage RGW. When processing a GET
> request for a Swift URL that ends with two slashes, it can cause the RGW to
> crash, resulting in a denial of service.
>
> We have assigned it a CVE of CVE-2021-3531 and a patch is attached.
>
> Fixes may be found here:
>
> Nautilus:
> https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e
> Octopus:
> https://github.com/ceph/ceph/commit/b87e64e3206210580f4a6df2d77f9ae3f1033039
> Pacific:
> https://github.com/ceph/ceph/commit/bf06990ab41d7ac299e4441ad9cd434e926a18e7
>
> Ana McTaggart
> Red Hat Product Security
> Red Hat Remote <https://www.redhat.com>
> secalert@redhat.com for urgent response
> amct@redhat.com
> M: +1 (774)279-0791 <7742790791> IM: amctagga
> Pronouns:They/Them/Theirs
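
A defender-side check for the request pattern described in the advisory, as an added example that is not part of the original message or of the Ceph project's code: it scans access-log lines for GET requests on a Swift URL whose path ends with two slashes and counts them per client. The `/swift` prefix, the Combined Log Format input, and the sample lines are assumptions.

```python
import re
from collections import Counter

# Assumption: RGW serves the Swift API under "/swift" (the default value of
# rgw_swift_url_prefix); change this if your deployment overrides it.
SWIFT_PREFIX = "/swift"

# Assumption: access logs are in Common/Combined Log Format, for example
# from a reverse proxy in front of RGW.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}|-)'
)

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '192.0.2.10 - - [14/May/2021:15:16:01 +0000] "GET /swift/v1/AUTH_t/c/obj HTTP/1.1" 200 512',
    '198.51.100.7 - - [14/May/2021:15:16:05 +0000] "GET /swift/v1/AUTH_t/c// HTTP/1.1" 502 0',
    '198.51.100.7 - - [14/May/2021:15:16:09 +0000] "GET /swift/v1/AUTH_t//?format=json HTTP/1.1" 502 0',
    '192.0.2.10 - - [14/May/2021:15:16:12 +0000] "PUT /swift/v1/AUTH_t/c// HTTP/1.1" 201 0',
    '203.0.113.4 - - [14/May/2021:15:16:20 +0000] "GET /bucket/key// HTTP/1.1" 404 0',
    '203.0.113.4 - - [14/May/2021:15:16:21 +0000] "GET /swiftly// HTTP/1.1" 404 0',
]

def is_suspect(method, target):
    """True for a GET on a Swift URL whose path ends with two slashes."""
    path = target.split("?", 1)[0]  # ignore the query string
    in_swift = path == SWIFT_PREFIX or path.startswith(SWIFT_PREFIX + "/")
    return method == "GET" and in_swift and path.endswith("//")

def scan(lines):
    """Return (hits, per_client_counts) for matching requests."""
    hits, per_client = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspect(m["method"], m["target"]):
            hits.append((m["ts"], m["client"], m["target"], m["status"]))
            per_client[m["client"]] += 1
    return hits, per_client

if __name__ == "__main__":
    hits, per_client = scan(SAMPLE)
    for ts, client, target, status in hits:
        print(f"{ts} {client} {target} status={status}")
    for client, n in per_client.most_common():
        print(f"{client}: {n} matching request(s)")
```

Matches on a patched RGW are harmless; on an unpatched one, correlate the timestamps with radosgw restarts or crash reports.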