Bug 1125080 - (CVE-2019-3821) VUL-0: CVE-2019-3821: ceph: ceph: radosgw: Resource exhaustion via TCP connection to port serving the SSL endpoint
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Major
Assigned To: Nathan Cutler
Reported: 2019-02-12 06:46 UTC by Marcus Meissner
Modified: 2021-07-19 10:44 UTC

Found By: Security Response Team
Description Marcus Meissner 2019-02-12 06:46:19 UTC

A flaw was found in rados gateway shipped as part of ceph. Unclosed file descriptors while denying TCP connections to SSL serving port pile up until exhaustion of resources, leading to potential remote denial of service.
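
A monitoring check for the symptom described above, as an added example that is not part of the original report or of Ceph: it counts the socket descriptors a process holds via /proc and compares them with its soft open-files limit. The function names, the 0.8 warning ratio, the "strictly rising" heuristic and the sample data are assumptions made for illustration; finding the radosgw PID is left to the operator.

```python
import os
import re

# Constructed sample data (not from a real host); the log path is a placeholder.
SAMPLE_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 4096                 files
"""
SAMPLE_FDS = ["/dev/null", "socket:[51234]", "socket:[51240]",
              "anon_inode:[eventpoll]", "/var/log/example/rgw.log"]

def soft_nofile_limit(limits_text):
    """Soft 'Max open files' limit from /proc/<pid>/limits text (None if unlimited)."""
    m = re.search(r"^Max open files\s+(\d+|unlimited)\s", limits_text, re.M)
    if not m:
        raise ValueError("no 'Max open files' line found")
    return None if m.group(1) == "unlimited" else int(m.group(1))

def socket_count(fd_targets):
    """Count descriptors whose /proc/<pid>/fd link target is a socket."""
    return sum(1 for t in fd_targets if t.startswith("socket:["))

def assess(samples, limit, warn_ratio=0.8):
    """Classify socket-fd counts sampled over time (oldest first)."""
    if limit is not None and samples[-1] >= warn_ratio * limit:
        return "near-limit"
    # Assumed heuristic: a leak shows up as a count that rises at every sample.
    rising = len(samples) >= 3 and all(b > a for a, b in zip(samples, samples[1:]))
    return "leaking" if rising else "ok"

def snapshot(pid):
    """Live reading for one process: (socket fd count, soft limit)."""
    fd_dir = f"/proc/{pid}/fd"
    targets = []
    for name in os.listdir(fd_dir):
        try:
            targets.append(os.readlink(os.path.join(fd_dir, name)))
        except OSError:
            pass  # descriptor was closed between listdir() and readlink()
    with open(f"/proc/{pid}/limits") as f:
        return socket_count(targets), soft_nofile_limit(f.read())

if __name__ == "__main__":
    limit = soft_nofile_limit(SAMPLE_LIMITS)
    print(socket_count(SAMPLE_FDS), limit, assess([100, 180, 260], limit))
```

Call `snapshot(pid)` on a schedule and feed the collected counts to `assess()`; reading another user's /proc/<pid>/fd requires matching privileges.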

Comment 1 Marcus Meissner 2019-02-12 08:53:00 UTC
Comment 3 Nathan Cutler 2019-03-11 12:54:40 UTC

Has been in SES6 since (at least) Milestone 11.
Comment 4 Nathan Cutler 2019-05-22 08:45:06 UTC
According to Comment 2, this bug *only* affects SES6.

The fix has been in SES6 since February 2019. I have just added the bsc# and CVE citations to the changes file.
Comment 7 Swamp Workflow Management 2019-08-05 19:14:28 UTC
SUSE-SU-2019:2049-1: An update that solves two vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1121567,1123360,1124957,1125080,1125899,1131984,1132396,1133139,1133461,1135030,1135219,1135221,1135388,1136110
CVE References: CVE-2018-16889,CVE-2019-3821
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    ceph-, ceph-test-
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    ceph-
SUSE Enterprise Storage 6 (src):    ceph-

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.