
Bug 791253 (CVE-2021-3531)

Summary: <sys-cluster/ceph-{14.2.21,15.2.12,16.2.4}: RGW unauthenticated denial of service (CVE-2021-3531)
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: minor
CC: chutzpah, cluster, dlan, proth+gentoobugs
Priority: Normal
Keywords: CC-ARCHES, STABLEREQ
Version: unspecified
Flags: nattka: sanity-check+
Hardware: All
OS: Linux
Whiteboard: B3 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 783486

Description John Helmert III gentoo-dev Security 2021-05-21 03:09:36 UTC

A flaw was found in the Red Hat Ceph Storage RGW. When processing a GET
Request for a swift URL that ends with two slashes it can cause the rgw to
crash, resulting in a denial of service.

We have assigned it a CVE of CVE-2021-3531 and a patch is attached.

Fixes may be found here:


Fixes are currently in no release.
Comment 1 Thomas Deutschmann gentoo-dev Security 2021-05-24 14:49:42 UTC
Fixed in v14.2.21,
Comment 2 Sam James archtester gentoo-dev Security 2021-05-24 20:44:03 UTC
amd64 done

all arches done
Comment 3 Sam James archtester gentoo-dev Security 2021-05-24 21:23:13 UTC
Please cleanup.
Comment 4 Larry the Git Cow gentoo-dev 2021-05-26 20:55:18 UTC
The bug has been referenced in the following commit(s):

commit 8de8aea99fb92f1cf48d1cb803ada4d4aaa520f6
Author:     Thomas Deutschmann <>
AuthorDate: 2021-05-26 20:55:09 +0000
Commit:     Thomas Deutschmann <>
CommitDate: 2021-05-26 20:55:09 +0000

    sys-cluster/ceph: security cleanup
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <>

 sys-cluster/ceph/Manifest            |   5 -
 sys-cluster/ceph/ceph-14.2.19.ebuild | 394 ------------------------------
 sys-cluster/ceph/ceph-14.2.20.ebuild | 394 ------------------------------
 sys-cluster/ceph/ceph-15.2.11.ebuild | 405 -------------------------------
 sys-cluster/ceph/ceph-16.2.1.ebuild  | 448 ----------------------------------
 sys-cluster/ceph/ceph-16.2.3.ebuild  | 449 -----------------------------------
 6 files changed, 2095 deletions(-)
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 20:58:54 UTC
This issue was resolved and addressed in
 GLSA 202105-39 at
by GLSA coordinator Thomas Deutschmann (whissi).