CVE-2024-48916

Publication date 3 December 2024

Last updated 6 January 2025

Ubuntu priority

Why this priority?

Authentication bypass in CEPH RadosGW

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ceph	24.10 oracular	Fixed 19.2.0-0ubuntu2.1
	24.04 LTS noble	Fixed 19.2.0-0ubuntu0.24.04.2
	22.04 LTS jammy	Fixed 17.2.7-0ubuntu0.22.04.2
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected

Notes

mdeslaur

Per Debian, was introduced by the following commit in 16.1.0: https://github.com/ceph/ceph/commit/7566664f89be062e0c9f3519dc60b94c8af5e2a4

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
ceph	Upstream: 88f3811

References

Related Ubuntu Security Notices (USN)

USN-7182-1
Ceph vulnerability
6 January 2025

Other references