Bugzilla – Bug 1063014
VUL-0: CVE-2017-16818: ceph: User reachable asserts allow for DoS
Last modified: 2021-07-19 10:39:18 UTC
Fixes are already public, but we got it over a private channel, keeping the bug closed for now https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a We have the asserts in SLE 12 SP3 and probably also in older products
(In reply to Johannes Segitz from comment #1) Looks like this only affects SLE 12 SP3
The fix: * upstream master (Mimic) https://github.com/ceph/ceph/pull/18225 * upstream backport (Luminous) https://github.com/ceph/ceph/pull/18287 * downstream backport (SES5) https://github.com/SUSE/ceph/pull/156
(In reply to Johannes Segitz from comment #2) > Looks like this only affects SLE 12 SP3 Actually, it only affects SES5, because the code in question is part of the RADOS REST Gateway (ceph-radosgw subpackage) and that subpackage does not ship on SLE-12-SP3.
*** Bug 1069253 has been marked as a duplicate of this bug. ***
This bug was mentioned inside the ceph submission (comment 7). Therefore this bug is now the main reference to CVE-2017-16818.
SUSE-SU-2018:0083-1: An update that solves one vulnerability and has four fixes is now available. Category: security (moderate) Bug References: 1060904,1063014,1066182,1067119,1067705 CVE References: CVE-2017-16818 Sources used: SUSE Enterprise Storage 5 (src): ceph-12.2.2+git.1513357992.5030136da9-2.10.1
SUSE-SU-2018:1417-1: An update that solves two vulnerabilities and has 21 fixes is now available. Category: security (important) Bug References: 1051598,1054061,1056125,1056967,1059458,1060904,1061461,1063014,1066182,1066502,1067088,1067119,1067705,1070357,1071386,1074301,1079076,1080788,1081379,1081600,1086340,1087269,1087493 CVE References: CVE-2017-16818,CVE-2018-7262 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ceph-12.2.5+git.1524775272.5e7ea8cf03-2.6.3 SUSE Linux Enterprise Server 12-SP3 (src): ceph-12.2.5+git.1524775272.5e7ea8cf03-2.6.3 SUSE Linux Enterprise Desktop 12-SP3 (src): ceph-12.2.5+git.1524775272.5e7ea8cf03-2.6.3 SUSE CaaS Platform ALL (src): ceph-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
openSUSE-SU-2018:1470-1: An update that solves two vulnerabilities and has 21 fixes is now available. Category: security (important) Bug References: 1051598,1054061,1056125,1056967,1059458,1060904,1061461,1063014,1066182,1066502,1067088,1067119,1067705,1070357,1071386,1074301,1079076,1080788,1081379,1081600,1086340,1087269,1087493 CVE References: CVE-2017-16818,CVE-2018-7262 Sources used: openSUSE Leap 42.3 (src): ceph-12.2.5+git.1524775272.5e7ea8cf03-9.1, ceph-test-12.2.5+git.1524775272.5e7ea8cf03-9.1
openSUSE-SU-2018:2479-1: An update that solves two vulnerabilities and has 21 fixes is now available. Category: security (important) Bug References: 1051598,1054061,1056125,1056967,1059458,1060904,1061461,1063014,1066182,1066502,1067088,1067119,1067705,1070357,1071386,1074301,1079076,1080788,1081379,1081600,1086340,1087269,1087493 CVE References: CVE-2017-16818,CVE-2018-7262 Sources used: openSUSE Leap 42.3 (src): ceph-12.2.5+git.1524775272.5e7ea8cf03-9.1, ceph-test-12.2.5+git.1524775272.5e7ea8cf03-9.1