CVE-2020-12059

Priority
Description
An issue was discovered in Ceph through 13.2.9. A POST request with an
invalid tagging XML can crash the RGW process by triggering a NULL pointer
exception.
Assigned-to
mdeslaur
Notes
mdeslaurintroduced in 12.1.1, code in 14.x is different
Package
Source: ceph (LP Ubuntu Debian)
Upstream:released (13.2.10)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):released (12.2.13-0ubuntu0.18.04.4)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (code not present)
Ubuntu 20.10 (Groovy Gorilla):not-affected (code not present)
Patches:
Upstream:https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3
More Information

Updated: 2020-09-22 16:15:55 UTC (commit d809b9c447f23c03e553d3212b8e38faa2ec2582)