CVE-2019-10222

Priority
Description
A flaw was found in the Ceph RGW configuration with Beast as the front end
handling client requests. An unauthenticated attacker could crash the Ceph
RGW server by sending valid HTTP headers and terminating the connection,
resulting in a remote denial of service for Ceph RGW clients.
Notes
sbeattieonly in beast rados gw frontend
nautilus (14.x), mimic (13.x), and luminous (12.x), the
latter as experimental feature.
Package
Source: ceph (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (12.2.12-0ubuntu0.18.04.2)
Ubuntu 19.04 (Disco Dingo):released (13.2.6-0ubuntu0.19.04.3)
Ubuntu 19.10 (Eoan Ermine):not-affected (14.2.2-0ubuntu2)
More Information

Updated: 2019-12-05 21:09:36 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)