ceph is vulnerable to denial of service. A flaw was found in the way handle_command()
function would validate prefix value from user. An authenticated attacker could send a malicious prefix value resulting in ceph monitor crash.
lists.opensuse.org/opensuse-updates/2016-12/msg00126.html
tracker.ceph.com/issues/16297
access.redhat.com/errata/RHSA-2016:1384
access.redhat.com/errata/RHSA-2016:1385
access.redhat.com/security/cve/CVE-2016-5009
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1351453
github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6
github.com/ceph/ceph/pull/9700
rhn.redhat.com/errata/RHSA-2016-1384.html