CVE-2019-10222

Priority
Description
A flaw was found in the Ceph RGW configuration with Beast as the front end
handling client requests. An unauthenticated attacker could crash the Ceph
RGW server by sending valid HTTP headers and terminating the connection,
resulting in a remote denial of service for Ceph RGW clients.
Notes
sbeattieonly in beast rados gw frontend
nautilus (14.x), mimic (13.x), and luminous (12.x), the
latter as experimental feature.
Package
Source: ceph (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (12.2.12-0ubuntu0.18.04.2)
More Information

Updated: 2020-07-28 20:06:00 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)