Back to bug 1791691
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Marian Rehak | 2020-01-16 11:37:53 UTC | CC | security-response-team | |
| Marian Rehak | 2020-01-16 11:39:49 UTC | Blocks | 1791692 | |
| Hardik Vyas | 2020-01-17 07:56:22 UTC | Doc Text | A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnect. An authenticated attacker can abuse this flaw by making multiple attempts of disconnect resulting in permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources and preventing legitimate users from connecting to the system. | |
| Hardik Vyas | 2020-01-17 15:11:34 UTC | Fixed In Version | ceph 14.2.4-111.el8cp, ceph 14.2.4-42.el7cp | |
| Hardik Vyas | 2020-01-20 14:33:45 UTC | Depends On | 1793038 | |
| Eric Christensen | 2020-01-20 15:44:22 UTC | Doc Text | A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnect. An authenticated attacker can abuse this flaw by making multiple attempts of disconnect resulting in permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources and preventing legitimate users from connecting to the system. | A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system. |
| Hardik Vyas | 2020-01-23 11:50:52 UTC | Depends On | 1794358 | |
| Hardik Vyas | 2020-01-31 17:26:14 UTC | Group | security, qe_staff | |
| CC | adeza, bniver, danmick, david, fedora, i, josef, kkeithle, loic, madam, ocs-bugs, ramkrsna, sostapov, steve | |||
| Fixed In Version | ceph 14.2.4-111.el8cp, ceph 14.2.4-42.el7cp | ceph 14.2.4-125.el8cp, ceph 14.2.4-51.el7cp | ||
| Summary | EMBARGOED CVE-2020-1700 ceph: connection leak in the RGW Beast front-end permits a DoS against the RGW server | CVE-2020-1700 ceph: connection leak in the RGW Beast front-end permits a DoS against the RGW server | ||
| Hardik Vyas | 2020-01-31 17:27:27 UTC | Depends On | 1796995 | |
| PnT Account Manager | 2020-07-10 21:39:53 UTC | CC | kbasil | |
| PnT Account Manager | 2020-08-28 21:28:56 UTC | CC | srangach | |
| Red Hat Bugzilla | 2021-02-16 02:43:02 UTC | CC | adeza | |
| Kaleb KEITHLEY | 2021-03-19 17:37:29 UTC | CC | kkeithle | |
| Red Hat Bugzilla | 2021-06-22 00:28:29 UTC | CC | dbecker | |
| Red Hat Bugzilla | 2022-12-31 23:28:55 UTC | CC | branto | |
| Red Hat Bugzilla | 2023-01-01 06:02:15 UTC | CC | bniver | |
| Red Hat Bugzilla | 2023-01-01 08:43:44 UTC | CC | sostapov | |
| Alasdair Kergon | 2023-01-04 05:43:50 UTC | CC | sostapov | |
| Alasdair Kergon | 2023-01-04 06:11:25 UTC | CC | bniver | |
| Red Hat Bugzilla | 2023-01-31 23:38:16 UTC | CC | madam | |
| Red Hat Bugzilla | 2023-07-07 08:34:58 UTC | CC | security-response-team | |
| Assignee | security-response-team | nobody | ||
| Red Hat Bugzilla | 2023-08-03 08:30:34 UTC | CC | ocs-bugs |
Back to bug 1791691