https://www.openwall.com/lists/oss-security/2021/05/14/5

"Hello,

A flaw was found in the Red Hat Ceph Storage RGW. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. We have assigned it a CVE of CVE-2021-3531 and a patch is attached.

Fixes may be found here:

Nautilus: https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e
Octopus: https://github.com/ceph/ceph/commit/b87e64e3206210580f4a6df2d77f9ae3f1033039
Pacific: https://github.com/ceph/ceph/commit/bf06990ab41d7ac299e4441ad9cd434e926a18e7"

Fixes are currently in no release.
Fixed in v14.2.21,
amd64 done

all arches done
Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8de8aea99fb92f1cf48d1cb803ada4d4aaa520f6

commit 8de8aea99fb92f1cf48d1cb803ada4d4aaa520f6
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-26 20:55:09 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-26 20:55:09 +0000

    sys-cluster/ceph: security cleanup

    Bug: https://bugs.gentoo.org/791253
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 sys-cluster/ceph/Manifest | 5 -
 sys-cluster/ceph/ceph-14.2.19.ebuild | 394 ------------------------------
 sys-cluster/ceph/ceph-14.2.20.ebuild | 394 ------------------------------
 sys-cluster/ceph/ceph-15.2.11.ebuild | 405 -------------------------------
 sys-cluster/ceph/ceph-16.2.1.ebuild | 448 ----------------------------------
 sys-cluster/ceph/ceph-16.2.3.ebuild | 449 -----------------------------------
 6 files changed, 2095 deletions(-)
This issue was resolved and addressed in GLSA 202105-39 at https://security.gentoo.org/glsa/202105-39 by GLSA coordinator Thomas Deutschmann (whissi).