Vulnerability CVE-2018-7262: Information
Description
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
ceph | sisyphus | 12.2.4-alt1.S1 | 18.2.1-alt2.1 | ALT-PU-2018-1391-1 | 201097 | Fixed |
ceph | p10 | 12.2.4-alt1.S1 | 17.2.7-alt2 | ALT-PU-2018-1391-1 | 201097 | Fixed |
ceph | p9 | 12.2.4-alt1.S1 | 14.2.22-alt1 | ALT-PU-2018-1391-1 | 201097 | Fixed |
ceph | p8 | 12.2.4-alt1.M80P.1 | 12.2.13-alt1 | ALT-PU-2018-1393-1 | 201374 | Fixed |
ceph | c10f1 | 12.2.4-alt1.S1 | 17.2.6-alt2 | ALT-PU-2018-1391-1 | 201097 | Fixed |
ceph | c9f2 | 12.2.4-alt1.S1 | 14.2.22-alt1 | ALT-PU-2018-1391-1 | 201097 | Fixed |
ceph | c7 | 10.2.11-alt1.M70C.2 | 10.2.11-alt1.M70C.2 | ALT-PU-2019-1725-1 | 218597 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/ceph/ceph/pull/20488 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1546611 | |
http://tracker.ceph.com/issues/23039 | |
RHSA-2018:0548 | |
RHSA-2018:0546 | |
FEDORA-2018-ed907ef9a0 | |