Bug 791253 (CVE-2021-3531) - <sys-cluster/ceph-{14.2.21,15.2.12,16.2.4}: RGW unauthenticated denial of service (CVE-2021-3531)
Summary: <sys-cluster/ceph-{14.2.21,15.2.12,16.2.4}: RGW unauthenticated denial of ser...
Alias: CVE-2021-3531
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa+ cve]
Depends on:
Blocks: CVE-2020-25678, CVE-2021-20288
Reported: 2021-05-21 03:09 UTC by John Helmert III
Modified: 2021-05-26 20:58 UTC

See Also:
Package list:
Runtime testing required: ---
nattka: sanity-check+


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-05-21 03:09:36 UTC

A flaw was found in the Red Hat Ceph Storage RGW. When processing a GET
Request for a swift URL that ends with two slashes it can cause the rgw to
crash, resulting in a denial of service.

We have assigned it a CVE of CVE-2021-3531 and a patch is attached.

Fixes may be found here:


Fixes are currently in no release.
Comment 1 Thomas Deutschmann gentoo-dev 2021-05-24 14:49:42 UTC
Fixed in v14.2.21,
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-24 20:44:03 UTC
amd64 done

all arches done
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-24 21:23:13 UTC
Please cleanup.
Comment 4 Larry the Git Cow gentoo-dev 2021-05-26 20:55:18 UTC
The bug has been referenced in the following commit(s):

commit 8de8aea99fb92f1cf48d1cb803ada4d4aaa520f6
Author:     Thomas Deutschmann <>
AuthorDate: 2021-05-26 20:55:09 +0000
Commit:     Thomas Deutschmann <>
CommitDate: 2021-05-26 20:55:09 +0000

    sys-cluster/ceph: security cleanup
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <>

 sys-cluster/ceph/Manifest            |   5 -
 sys-cluster/ceph/ceph-14.2.19.ebuild | 394 ------------------------------
 sys-cluster/ceph/ceph-14.2.20.ebuild | 394 ------------------------------
 sys-cluster/ceph/ceph-15.2.11.ebuild | 405 -------------------------------
 sys-cluster/ceph/ceph-16.2.1.ebuild  | 448 ----------------------------------
 sys-cluster/ceph/ceph-16.2.3.ebuild  | 449 -----------------------------------
 6 files changed, 2095 deletions(-)
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 20:58:54 UTC
This issue was resolved and addressed in
 GLSA 202105-39 at
by GLSA coordinator Thomas Deutschmann (whissi).