Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services.
A flaw was found in the way the handle_command() function validated the prefix value supplied by the user. An authenticated attacker could send a specially crafted prefix value, resulting in a Ceph monitor crash. (CVE-2016-5009)
Upstream acknowledges Xiaoxi Chen as the original reporter of CVE-2016-5009.
All Ceph users are advised to upgrade to this updated package, which contains backported patches to correct this issue.