Source: ceph Version: 14.2.20-2 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for ceph. CVE-2021-3531[0]: | A flaw was found in the Red Hat Ceph Storage RGW in versions before | 14.2.21. When processing a GET Request for a swift URL that ends with | two slashes it can cause the rgw to crash, resulting in a denial of | service. The greatest threat to the system is of availability. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-3531 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3531 [1] https://www.openwall.com/lists/oss-security/2021/05/14/5 [2] https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e Please adjust the affected versions in the BTS as needed. Regards, Salvatore