A flaw was discovered in ceph. Assertion in rgw_iam_policy.cc can be reached by user input and fail through data passed in from a rest call causing it to crash. Upstream patch: https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a
Created ceph tracking bugs for this issue: Affects: epel-6 [bug 1515896] Affects: fedora-all [bug 1515895]
Analysis: Red Hat Ceph Storage 1.3 and Red Hat Ceph Storage 2 are not affected by this flaw as bucket policy is not supported in ceph version shipped with these products.