Bugzilla – Bug 1125080
VUL-0: CVE-2019-3821: ceph: ceph: radosgw: Resource exhaustion via TCP connection to port serving the SSL endpoint
Last modified: 2021-07-19 10:44:25 UTC
rh#1656852

A flaw was found in rados gateway shipped as part of ceph. Unclosed file descriptors while denying TCP connections to SSL serving port pile up until exhaustion of resources leading to potential remote denial of service.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1656852
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3821
https://github.com/ceph/civetweb/pull/33
https://github.com/ceph/ceph/pull/26515

Has been in SES6 since (at least) Milestone 11.
According to Comment 2, this bug *only* affects SES6. The fix has been in SES6 since February 2019. I have just added the bsc# and CVE citations to the changes file.
SUSE-SU-2019:2049-1: An update that solves two vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1121567,1123360,1124957,1125080,1125899,1131984,1132396,1133139,1133461,1135030,1135219,1135221,1135388,1136110
CVE References: CVE-2018-16889,CVE-2019-3821
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): ceph-14.2.1.468+g994fd9e0cc-3.3.2, ceph-test-14.2.1.468+g994fd9e0cc-3.3.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): ceph-14.2.1.468+g994fd9e0cc-3.3.2
SUSE Enterprise Storage 6 (src): ceph-14.2.1.468+g994fd9e0cc-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.