(RHSA-2016:1384) Moderate: ceph security update

2016-07-06T00:09:03
ID RHSA-2016:1384
Type redhat
Reporter RedHat
Modified 2018-03-19T16:31:04

Description

Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services.

A flaw was found in the way the handle_command() function validated the prefix value supplied by a user. An authenticated attacker could send a specially crafted prefix value, resulting in a Ceph monitor crash. (CVE-2016-5009)

Upstream acknowledges Xiaoxi Chen as the original reporter of CVE-2016-5009.

All ceph users are advised to upgrade to this updated package, which contains backported patches to correct this issue.