[ubuntu/questing-security] ceph 19.2.3-0ubuntu1.25.10.3 (Accepted)

Tue Feb 24 18:45:52 UTC 2026

ceph (19.2.3-0ubuntu1.25.10.3) questing-security; urgency=medium

  * SECURITY UPDATE: Improper certificate checking via Pybind
    - debian/patches/CVE-2024-31884.patch: Enforce ssl context validation to
      SMTP_SSL in src/pybind/mgr/alerts/module.py
    - CVE-2024-31884
  * SECURITY UPDATE: Denial of service by passing empty header argument
    - debian/patches/CVE-2024-47866.patch: Ensure `HTTP_X_AMZ_COPY_SOURCE`
      header is empty in src/rgw/rgw_op.cc
    - CVE-2024-47866

Date: 2026-02-16 20:20:11.358223+00:00
Changed-By: Shafayat Hossain Majumder <shafayat.majumder at canonical.com>
Signed-By: Federico Quattrin <federico.quattrin at canonical.com>
https://launchpad.net/ubuntu/+source/ceph/19.2.3-0ubuntu1.25.10.3
-------------- next part --------------
Sorry, changesfile not available.