[SECURITY] [DSA 6321-1] ceph security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6321-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 03, 2026 https://www.debian.org/security/faq -...

SUSE CVE-2026-46052

In the Linux kernel, the following vulnerability has been resolved: ceph: only dadd negative dentries when they are unhashed Ceph can call dadddentry, NULL on a negative dentry that is already present in the primary dcache hash. In the current VFS that is not safe. dadd goes through dadd to...

Astra Linux - уязвимость в ceph

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the x-amz-copy-source argument to copy an object and specifying an empty string as its content resulted in the RGW daemon crashing, leading to a DoS attack. As of the time of publication,...

Astra Linux - уязвимость в ceph

An authentication flaw was discovered in Ceph versions prior to 14.2.20. When the monitor processes CEPHXGETAUTHSESSIONKEY requests, it does not sanitize otherkeys, allowing for key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid that has...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ceph: Do not leak snaprwsem when handlecapgrant is called on an IMPORT operation. When handlecapgrant is called on an IMPORT operation, the snaprwsem resource is held, and the function is expected to release it before returning...

Linux Distros Unpatched Vulnerability : CVE-2026-43408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following...

PT-2026-37613

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The ceph zero partial object function lacks the proper snapshot context for its OSD write operations. This deficiency can result in data inconsistencies within snapshots. Recommendations...

Astra Linux - уязвимость в ceph

IBM Spectrum Fusion HCI versions 2.5.2 through 2.7.2 may allow attackers to perform unauthorized actions in the RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007239)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007239 advisory. In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encodecapmsg In fs/ceph/caps.c, in encodecapmsg, use after free...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007425)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007425 advisory. In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in havemonandosdmap The wait loop in cephopensession can...

NewStart CGSL MAIN 7.02 : ceph Vulnerability (NS-SA-2026-0039)

The remote NewStart CGSL host, running version MAIN 7.02, has ceph packages installed that are affected by a vulnerability: - Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has none as JWT alg. And by doing so the J...

OESA-2026-1541 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument...

CVE-2026-23201

In the Linux kernel, the following vulnerability has been resolved: ceph: fix oops due to invalid pointer for kfree in parselongname This fixes a kernel oops when reading ceph snapshot directories .snap, for example by simply running ls /mnt/myceph/.snap. The variable str is guarded by freekfree,...

Debian dla-4460 : ceph - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4460 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4460-1 [email protected]...

Mageia: Security Advisory (MGASA-2026-0025)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992465)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992465 advisory. In the Linux kernel, the following vulnerability has been resolved: ceph: don't leak snaprwsem in handlecapgrant When handlecapgrant is called on an IMPORT op, then...

Mageia: Security Advisory (MGASA-2025-0333)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2025-40362

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in...

CVE-2024-47866 affecting package ceph for versions less than 18.2.2-12

CVE-2024-47866 affecting package ceph for versions less than 18.2.2-12. A patched version of the package is available...

Linux Distros Unpatched Vulnerability : CVE-2024-47866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object an...