RGW S3 listing operations provided a way for authenticated users to cause a denial of service against OMAPs holding bucket indices. References: http://tracker.ceph.com/issues/35994
External References: https://ceph.com/releases/13-2-4-mimic-released/
Created ceph tracking bugs for this issue: Affects: fedora-all [bug 1665973]
Upstream fix: https://github.com/ceph/ceph/commit/ab29bed2fc9f961fe895de1086a8208e21ddaddc
This issue has been addressed in the following products: Red Hat Ceph Storage 3.3 Via RHSA-2019:2538 https://access.redhat.com/errata/RHSA-2019:2538
This issue has been addressed in the following products: Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7 Via RHSA-2019:2541 https://access.redhat.com/errata/RHSA-2019:2541
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-16846