{"schema_version":"1.7.2","id":"OESA-2026-1542","modified":"2026-03-15T05:52:36Z","published":"2026-03-15T05:52:36Z","upstream":["CVE-2024-47866"],"summary":"ceph security update","details":"Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.\r\n\r\nSecurity Fix(es):\n\nCeph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.(CVE-2024-47866)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"ceph","purl":"pkg:rpm/openEuler/ceph&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"16.2.7-25.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["ceph-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-base-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-common-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-debuginfo-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-debugsource-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-fuse-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-immutable-object-cache-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-mds-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-mgr-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-mon-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-osd-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-radosgw-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-resource-agents-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-selinux-16.2.7-25.oe2203sp4.aarch64.rpm","ceph-test-16.2.7-25.oe2203sp4.aarch64.rpm","cephfs-mirror-16.2.7-25.oe2203sp4.aarch64.rpm","libcephfs-devel-16.2.7-25.oe2203sp4.aarch64.rpm","libcephfs2-16.2.7-25.oe2203sp4.aarch64.rpm","libcephsqlite-16.2.7-25.oe2203sp4.aarch64.rpm","libcephsqlite-devel-16.2.7-25.oe2203sp4.aarch64.rpm","librados-devel-16.2.7-25.oe2203sp4.aarch64.rpm","librados2-16.2.7-25.oe2203sp4.aarch64.rpm","libradospp-devel-16.2.7-25.oe2203sp4.aarch64.rpm","libradosstriper-devel-16.2.7-25.oe2203sp4.aarch64.rpm","libradosstriper1-16.2.7-25.oe2203sp4.aarch64.rpm","librbd-devel-16.2.7-25.oe2203sp4.aarch64.rpm","librbd1-16.2.7-25.oe2203sp4.aarch64.rpm","librgw-devel-16.2.7-25.oe2203sp4.aarch64.rpm","librgw2-16.2.7-25.oe2203sp4.aarch64.rpm","python3-ceph-argparse-16.2.7-25.oe2203sp4.aarch64.rpm","python3-ceph-common-16.2.7-25.oe2203sp4.aarch64.rpm","python3-cephfs-16.2.7-25.oe2203sp4.aarch64.rpm","python3-rados-16.2.7-25.oe2203sp4.aarch64.rpm","python3-rbd-16.2.7-25.oe2203sp4.aarch64.rpm","python3-rgw-16.2.7-25.oe2203sp4.aarch64.rpm","rados-objclass-devel-16.2.7-25.oe2203sp4.aarch64.rpm","rbd-fuse-16.2.7-25.oe2203sp4.aarch64.rpm","rbd-mirror-16.2.7-25.oe2203sp4.aarch64.rpm","rbd-nbd-16.2.7-25.oe2203sp4.aarch64.rpm"],"noarch":["ceph-grafana-dashboards-16.2.7-25.oe2203sp4.noarch.rpm","ceph-mgr-cephadm-16.2.7-25.oe2203sp4.noarch.rpm","ceph-mgr-dashboard-16.2.7-25.oe2203sp4.noarch.rpm","ceph-mgr-diskprediction-local-16.2.7-25.oe2203sp4.noarch.rpm","ceph-mgr-k8sevents-16.2.7-25.oe2203sp4.noarch.rpm","ceph-mgr-modules-core-16.2.7-25.oe2203sp4.noarch.rpm","ceph-mgr-rook-16.2.7-25.oe2203sp4.noarch.rpm","ceph-prometheus-alerts-16.2.7-25.oe2203sp4.noarch.rpm","cephadm-16.2.7-25.oe2203sp4.noarch.rpm","cephfs-top-16.2.7-25.oe2203sp4.noarch.rpm"],"src":["ceph-16.2.7-25.oe2203sp4.src.rpm"],"x86_64":["ceph-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-base-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-common-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-debuginfo-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-debugsource-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-fuse-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-immutable-object-cache-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-mds-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-mgr-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-mon-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-osd-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-radosgw-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-resource-agents-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-selinux-16.2.7-25.oe2203sp4.x86_64.rpm","ceph-test-16.2.7-25.oe2203sp4.x86_64.rpm","cephfs-mirror-16.2.7-25.oe2203sp4.x86_64.rpm","libcephfs-devel-16.2.7-25.oe2203sp4.x86_64.rpm","libcephfs2-16.2.7-25.oe2203sp4.x86_64.rpm","libcephsqlite-16.2.7-25.oe2203sp4.x86_64.rpm","libcephsqlite-devel-16.2.7-25.oe2203sp4.x86_64.rpm","librados-devel-16.2.7-25.oe2203sp4.x86_64.rpm","librados2-16.2.7-25.oe2203sp4.x86_64.rpm","libradospp-devel-16.2.7-25.oe2203sp4.x86_64.rpm","libradosstriper-devel-16.2.7-25.oe2203sp4.x86_64.rpm","libradosstriper1-16.2.7-25.oe2203sp4.x86_64.rpm","librbd-devel-16.2.7-25.oe2203sp4.x86_64.rpm","librbd1-16.2.7-25.oe2203sp4.x86_64.rpm","librgw-devel-16.2.7-25.oe2203sp4.x86_64.rpm","librgw2-16.2.7-25.oe2203sp4.x86_64.rpm","python3-ceph-argparse-16.2.7-25.oe2203sp4.x86_64.rpm","python3-ceph-common-16.2.7-25.oe2203sp4.x86_64.rpm","python3-cephfs-16.2.7-25.oe2203sp4.x86_64.rpm","python3-rados-16.2.7-25.oe2203sp4.x86_64.rpm","python3-rbd-16.2.7-25.oe2203sp4.x86_64.rpm","python3-rgw-16.2.7-25.oe2203sp4.x86_64.rpm","rados-objclass-devel-16.2.7-25.oe2203sp4.x86_64.rpm","rbd-fuse-16.2.7-25.oe2203sp4.x86_64.rpm","rbd-mirror-16.2.7-25.oe2203sp4.x86_64.rpm","rbd-nbd-16.2.7-25.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1542"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47866"}],"database_specific":{"severity":"High"}}