Re: CVE-2023-43040 - Improperly verified POST keys in Ceph RGW?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



We discussed this in the CLT today and Casey can talk more about the impact
and technical state of affairs.

This was disclosed on the security list and it’s rated as a bug that did
not require hotfix releases due to the limited escalation scope.
-Greg

On Wed, Sep 27, 2023 at 1:37 AM Christian Rohmann <
christian.rohmann@xxxxxxxxx> wrote:

> Hey Ceph-users,
>
> i just noticed there is a post to oss-security
> (https://www.openwall.com/lists/oss-security/2023/09/26/10) about a
> security issue with Ceph RGW.
> Signed by IBM / Redhat and including a patch by DO.
>
>
> I also raised an issue on the tracker
> (https://tracker.ceph.com/issues/63004) about this, as I could not find
> one yet.
> It seems a weird way of disclosing such a thing and am wondering if
> anybody knew any more about this?
>
>
>
> Regards
>
>
> Christian
>
>
>
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>
>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx




[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux