Source: ceph X-Debbugs-CC: [email protected] Severity: grave Tags: security
Hi, The following vulnerability was published for ceph. CVE-2024-47866[0]: | Ceph is a distributed object, block, and file storage platform. In | versions up to and including 19.2.3, using the argument `x-amz-copy- | source` to put an object and specifying an empty string as its | content leads to the RGW daemon crashing, resulting in a DoS attack. | As of time of publication, no known patched versions exist. https://www.openwall.com/lists/oss-security/2025/11/11/3 https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8 https://tracker.ceph.com/issues/72669 https://github.com/ceph/ceph/pull/65159 https://github.com/ceph/ceph/commit/bef59f17293e6e93af025eba1e00646d0b1a2bf0 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-47866 https://www.cve.org/CVERecord?id=CVE-2024-47866 Please adjust the affected versions in the BTS as needed.
