Bug 1546610 (CVE-2018-7262)
Summary: | CVE-2018-7262 ceph: Unauthenticated malformed HTTP requests handled by rgw_civetweb.cc:RGW::init_env() can lead to denial of service | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | branto, cbodley, danmick, david, fedora, i, jonathan, josef, kdreyer, kkeithle, ramkrsna, sisharma, steve |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Doc Text: | A NULL pointer dereference flaw was found in RADOS Gateway HTTP request handling when using the Civetweb native webserver. An unauthenticated attacker could crash RADOS Gateway server by sending malicious HTTP requests. |
Last Closed: | 2018-05-23 09:35:44 UTC | Type: | --- |
Bug Depends On: | 1546611, 1546613, 1547673, 1548926, 1548927, 1548928 | ||
Bug Blocks: | 1546612, 1550199 |
Description
Sam Fowler
2018-02-19 02:57:00 UTC
Created ceph tracking bugs for this issue:

Affects: fedora-all [bug 1546611]

Upstream Pull Request: https://github.com/ceph/ceph/pull/20564

upstream fix: https://github.com/ceph/ceph/pull/20564/commits/b206912d753778b8d889a903f509a6f951cf41a4?diff=unified

This issue has been addressed in the following products:

Red Hat Ceph Storage 3.0 for Ubuntu 16.04

Via RHSA-2018:0546 https://access.redhat.com/errata/RHSA-2018:0546

This issue has been addressed in the following products:

Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7

Via RHSA-2018:0548 https://access.redhat.com/errata/RHSA-2018:0548

This was fixed upstream in 12.2.4, the latest rebase fixed it downstream, too.

I am sorry, I had too many tabs opened and I have accidentally closed the wrong bug.