oss-sec mailing list archives
Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service
From: Ana McTaggart <amctagga () redhat com>
Date: Mon, 17 May 2021 15:34:12 -0400
To clarify, the correct patch may be found in the following commit.

https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e

Ana McTaggart
Red Hat Product Security
Red Hat Remote <https://www.redhat.com>
secalert () redhat com for urgent response
amct () redhat com
M: +1 (774)279-0791 <7742790791>
IM: amctagga
Pronouns: They/Them/Theirs

On Fri, May 14, 2021 at 3:16 PM Ana McTaggart <amctagga () redhat com> wrote:
Hello,

A flaw was found in the Red Hat Ceph Storage RGW. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. We have assigned it a CVE of CVE-2021-3531 and a patch is attached.

Fixes may be found here:

Nautilus: https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e
Octopus: https://github.com/ceph/ceph/commit/b87e64e3206210580f4a6df2d77f9ae3f1033039
Pacific: https://github.com/ceph/ceph/commit/bf06990ab41d7ac299e4441ad9cd434e926a18e7

Ana McTaggart
Red Hat Product Security
Red Hat Remote <https://www.redhat.com>
secalert () redhat com for urgent response
amct () redhat com
M: +1 (774)279-0791 <7742790791>
IM: amctagga
Pronouns: They/Them/Theirs
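
A log-review check for the request shape the advisory describes (a GET for a Swift URL ending in two slashes), added here as an example; it is not part of the original messages or of the Ceph patch. It assumes combined-log-format access lines from a front end of RGW and a "/swift/" URL prefix; the function names and sample lines are constructed.

```python
import re

# Assumption: the Swift API is exposed under this URL prefix.
SWIFT_PREFIX = "/swift/"

# Client address, then the quoted request line and status of a
# combined-log-format entry. Status may be "-" if no response was logged.
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}|-)'
)

def is_suspect(method, target):
    """True for a GET whose Swift path (query string removed) ends in '//'."""
    if method != "GET":
        return False
    path = target.split("?", 1)[0].split("#", 1)[0]
    return path.startswith(SWIFT_PREFIX) and path.endswith("//")

def find_suspects(lines):
    """Return (line_number, client, target, status) for each matching entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = LINE_RE.search(line)
        if match and is_suspect(match["method"], match["target"]):
            hits.append((number, match["client"], match["target"], match["status"]))
    return hits

# Constructed sample entries (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/May/2021:15:16:01 -0400] "GET /swift/v1/photos/cat.jpg HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/May/2021:15:16:09 -0400] "GET /swift/v1/photos// HTTP/1.1" - 0',
    '192.0.2.10 - - [14/May/2021:15:16:12 -0400] "PUT /swift/v1/photos// HTTP/1.1" 400 0',
    '198.51.100.7 - - [14/May/2021:15:16:30 -0400] "GET /swift/v1/photos//?format=json HTTP/1.1" 502 0',
    '192.0.2.22 - - [14/May/2021:15:17:02 -0400] "GET /bucket/key// HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, client, target, status in find_suspects(SAMPLE_LOG):
        print(f"line {number}: {client} requested {target} (status {status})")
```

A hit only shows that a request of this shape was received; correlate it with RGW restarts or missing responses before treating it as an outage cause.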