Your message dated Mon, 08 Jun 2026 19:47:39 +0000
with message-id <[email protected]>
and subject line Bug#1120797: fixed in ceph 16.2.15+ds-0+deb12u2
has caused the Debian Bug report #1120797,
regarding ceph: CVE-2024-47866
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1120797: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120797
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ceph
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ceph.
CVE-2024-47866[0]:
| Ceph is a distributed object, block, and file storage platform. In
| versions up to and including 19.2.3, using the argument
| `x-amz-copy-source` to put an object and specifying an empty string as
| its content leads to the RGW daemon crashing, resulting in a DoS attack.
| As of time of publication, no known patched versions exist.
https://www.openwall.com/lists/oss-security/2025/11/11/3
https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8
https://tracker.ceph.com/issues/72669
https://github.com/ceph/ceph/pull/65159
https://github.com/ceph/ceph/commit/bef59f17293e6e93af025eba1e00646d0b1a2bf0
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-47866
https://www.cve.org/CVERecord?id=CVE-2024-47866
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: ceph
Source-Version: 16.2.15+ds-0+deb12u2
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ceph, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated ceph package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 16 May 2026 14:52:24 +0200
Source: ceph
Architecture: source
Version: 16.2.15+ds-0+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Ceph Packaging Team <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1108410 1120797 1126573
Changes:
ceph (16.2.15+ds-0+deb12u2) bookworm-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* mgr/alerts: enforce ssl context to SMTP_SSL (CVE-2024-31884)
(Closes: #1126573)
* Check if `HTTP_X_AMZ_COPY_SOURCE` header is empty (CVE-2024-47866)
(Closes: #1120797)
* client: disallow unprivileged users to escalate root privileges
(CVE-2025-52555) (Closes: #1108410)
* client: prohibit unprivileged users from setting sgid/suid bits
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---