[Secure-testing-team] Bug#838026: ceph: CVE-2016-7031: rgw: Anonymous user is able to read bucket with authenticated read ACL
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 16 15:11:34 UTC 2016
Source: ceph
Version: 0.80.7-2
Severity: important
Tags: security upstream
Forwarded: http://tracker.ceph.com/issues/13207
Hi,
the following vulnerability was published for ceph.
CVE-2016-7031[0]:
rgw: Anonymous user is able to read bucket with authenticated read ACL
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-7031
Please adjust the affected versions in the BTS as needed. From looking
at the code ceph seems affected, but I'm not too familiar with it to
fully understand. It looks as well not important enough to need a
DSA, so if then it could be fixed via point release, IMHO.
Let us know your thoughts.
Regards,
Salvatore