CVE-2016-9579

Priority
Medium
Description
RGW server DoS via request with invalid HTTP Origin header
References
Bugs
Notes
 leosilva> xenial, zesty and artful already have the code fixed
Assigned-to
mdeslaur
Package
Source: ceph (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected (10.2.2-0ubuntu5)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):released (0.80.11-0ubuntu1.14.04.3)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (10.2.2-0ubuntu0.16.04.2)
Ubuntu 17.04 (Zesty Zapus):not-affected (10.2.2-0ubuntu5)
Patches:
Upstream:https://github.com/ceph/ceph/commit/c0e845c4f6b03f3c28c31ba2278be5b20e5be13c
Upstream:https://github.com/ceph/ceph/pull/12397
Upstream:https://github.com/ceph/ceph/pull/12398
More Information

Updated: 2017-10-11 14:14:44 UTC (commit 13496)