|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2017-16818: ceph: User reachable asserts allow for DoS | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Johannes Segitz <jsegitz> |
| Component: | Incidents | Assignee: | Nathan Cutler <ncutler> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | abergmann, alekshmanan, holgi, kmroz, lmb |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | CVSSv3:RedHat:CVE-2017-16818:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVSSv2:SUSE:CVE-2017-16818:6.8:(AV:N/AC:L/Au:S/C:N/I:N/A:C) CVSSv2:NVD:CVE-2017-16818:4.0:(AV:N/AC:L/Au:S/C:N/I:N/A:P) CVSSv3:SUSE:CVE-2017-16818:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) | ||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Comment 1
Johannes Segitz
2017-10-12 12:29:22 UTC
(In reply to Johannes Segitz from comment #1) Looks like this only affects SLE 12 SP3 The fix: * upstream master (Mimic) https://github.com/ceph/ceph/pull/18225 * upstream backport (Luminous) https://github.com/ceph/ceph/pull/18287 * downstream backport (SES5) https://github.com/SUSE/ceph/pull/156 (In reply to Johannes Segitz from comment #2) > Looks like this only affects SLE 12 SP3 Actually, it only affects SES5, because the code in question is part of the RADOS REST Gateway (ceph-radosgw subpackage) and that subpackage does not ship on SLE-12-SP3. *** Bug 1069253 has been marked as a duplicate of this bug. *** This bug was mentioned inside the ceph submission (comment 7). Therefore this bug is now the main reference to CVE-2017-16818. SUSE-SU-2018:0083-1: An update that solves one vulnerability and has four fixes is now available. Category: security (moderate) Bug References: 1060904,1063014,1066182,1067119,1067705 CVE References: CVE-2017-16818 Sources used: SUSE Enterprise Storage 5 (src): ceph-12.2.2+git.1513357992.5030136da9-2.10.1 SUSE-SU-2018:1417-1: An update that solves two vulnerabilities and has 21 fixes is now available. Category: security (important) Bug References: 1051598,1054061,1056125,1056967,1059458,1060904,1061461,1063014,1066182,1066502,1067088,1067119,1067705,1070357,1071386,1074301,1079076,1080788,1081379,1081600,1086340,1087269,1087493 CVE References: CVE-2017-16818,CVE-2018-7262 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ceph-12.2.5+git.1524775272.5e7ea8cf03-2.6.3 SUSE Linux Enterprise Server 12-SP3 (src): ceph-12.2.5+git.1524775272.5e7ea8cf03-2.6.3 SUSE Linux Enterprise Desktop 12-SP3 (src): ceph-12.2.5+git.1524775272.5e7ea8cf03-2.6.3 SUSE CaaS Platform ALL (src): ceph-12.2.5+git.1524775272.5e7ea8cf03-2.6.3 openSUSE-SU-2018:1470-1: An update that solves two vulnerabilities and has 21 fixes is now available. Category: security (important) Bug References: 1051598,1054061,1056125,1056967,1059458,1060904,1061461,1063014,1066182,1066502,1067088,1067119,1067705,1070357,1071386,1074301,1079076,1080788,1081379,1081600,1086340,1087269,1087493 CVE References: CVE-2017-16818,CVE-2018-7262 Sources used: openSUSE Leap 42.3 (src): ceph-12.2.5+git.1524775272.5e7ea8cf03-9.1, ceph-test-12.2.5+git.1524775272.5e7ea8cf03-9.1 openSUSE-SU-2018:2479-1: An update that solves two vulnerabilities and has 21 fixes is now available. Category: security (important) Bug References: 1051598,1054061,1056125,1056967,1059458,1060904,1061461,1063014,1066182,1066502,1067088,1067119,1067705,1070357,1071386,1074301,1079076,1080788,1081379,1081600,1086340,1087269,1087493 CVE References: CVE-2017-16818,CVE-2018-7262 Sources used: openSUSE Leap 42.3 (src): ceph-12.2.5+git.1524775272.5e7ea8cf03-9.1, ceph-test-12.2.5+git.1524775272.5e7ea8cf03-9.1 |