| Package | ceph |
|---|---|
| Version | 10.2.11-2+deb9u4 (stretch), 12.2.11+dfsg1-2.1+deb10u3 (buster) |
| Related CVEs | CVE-2024-47866 |
Ceph is a distributed object, block, and file storage platform. Using the
argument x-amz-copy-source to put an object and specifying an empty string
as its content leads to the RGW daemon crashing, resulting in a DoS attack.
For Debian 10 buster, these problems have been fixed in version 12.2.11+dfsg1-2.1+deb10u3.
For Debian 9 stretch, these problems have been fixed in version 10.2.11-2+deb9u4.
We recommend that you upgrade your ceph packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.