[SECURITY] [DLA 4310-1] ceph security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4310-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Bastien Roucariès
September 25, 2025                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : ceph
Version : 14.2.21-1+deb11u1
CVE ID : CVE-2021-3979 CVE-2022-3650 CVE-2023-43040 CVE-2025-52555
Debian Bug : 1024932 1053690 1108410
Ceph, a distributed filesystem, was affected by multiple vulnerabilities.
CVE-2021-3979
A key length flaw was found in the Ceph Storage component.
An attacker can exploit the fact that the key length is incorrectly
passed to an encryption algorithm to create a non-random key,
which is weaker and can be exploited for loss of confidentiality
and integrity on encrypted disks.
CVE-2022-3650
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows
a local attacker to escalate privileges to root in the form of a crash
dump, and dump privileged information.
CVE-2023-43040
A flaw was found in Ceph RGW. An unprivileged
user can write to any bucket(s) accessible by a given key
if a POST's form-data contains a key called 'bucket'
with a value matching the name of the bucket used to sign
the request. The result of this is that a user could actually
upload to any bucket accessible by the specified access key
as long as the bucket in the POST policy matches the bucket
in said POST form part.
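The defect described above is a consistency problem: the bucket a browser-style POST upload is allowed to write to must be the same bucket the request addresses, the same bucket named in the 'bucket' form field, and the same bucket pinned in the signed POST policy. The following is an added illustration of that three-way check, written for this advisory; it is not Ceph RGW code, and the policy document, form fields and `authorize_post_upload` helper are constructed for the example.

```python
import base64
import json


def policy_bucket(policy_b64):
    """Return the bucket pinned in a base64-encoded S3-style POST policy.

    Both condition spellings are accepted: {"bucket": "name"} and
    ["eq", "$bucket", "name"]. Returns None if the policy pins no bucket.
    """
    policy = json.loads(base64.b64decode(policy_b64))
    for cond in policy.get("conditions", []):
        if isinstance(cond, dict) and "bucket" in cond:
            return cond["bucket"]
        if (isinstance(cond, list) and len(cond) == 3
                and cond[0] == "eq" and cond[1] == "$bucket"):
            return cond[2]
    return None


def authorize_post_upload(target_bucket, form_fields):
    """Allow the upload only if every bucket reference agrees.

    target_bucket: bucket addressed by the request URL.
    form_fields:   decoded multipart/form-data fields, including 'policy'
                   and, optionally, a 'bucket' field supplied by the client.
    The weak behaviour the advisory describes is trusting the form/policy
    bucket on its own; requiring all three to match closes that gap.
    """
    pinned = policy_bucket(form_fields["policy"])
    if pinned is None:
        return False  # a policy that pins no bucket is rejected outright
    form_bucket = form_fields.get("bucket", target_bucket)
    return pinned == target_bucket == form_bucket


def _encode_policy(bucket):
    # Constructed policy document for the example; real policies also carry
    # an expiration and further conditions, which this check does not evaluate.
    doc = {"expiration": "2099-01-01T00:00:00Z",
           "conditions": [{"bucket": bucket}, ["starts-with", "$key", ""]]}
    return base64.b64encode(json.dumps(doc).encode()).decode()


# Constructed requests: a consistent upload and the mismatch pattern
# described in the advisory (key authorised for 'backups', request
# addressed to 'photos', form and policy both naming 'backups').
CONSISTENT = ("photos", {"policy": _encode_policy("photos"),
                         "bucket": "photos", "key": "a.jpg"})
MISMATCH = ("photos", {"policy": _encode_policy("backups"),
                       "bucket": "backups", "key": "a.jpg"})

if __name__ == "__main__":
    for name, (target, fields) in (("consistent", CONSISTENT),
                                   ("mismatch", MISMATCH)):
        print(name, "->", "allow" if authorize_post_upload(target, fields) else "deny")
```

The check deliberately treats a missing 'bucket' form field as agreeing with the request target, so well-formed clients that omit it are unaffected, while any client-supplied value that disagrees with the URL or the signed policy is refused.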
CVE-2025-52555
An unprivileged user can escalate to root privileges
in a ceph-fuse mounted CephFS by running chmod 777 on a directory owned
by root to gain access. The result of this is that a user could
read, write and execute in any directory owned by root as long
as they chmod 777 it. This impacts confidentiality,
integrity, and availability.
For Debian 11 bullseye, these problems have been fixed in version
14.2.21-1+deb11u1.
We recommend that you upgrade your ceph packages.
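A practical follow-up to an advisory like this is confirming that every installed ceph binary package is at or beyond the fixed version, 14.2.21-1+deb11u1, which requires comparing Debian version strings by dpkg's rules rather than lexically. The script below is an added example written for this advisory, not Debian tooling: it implements the dpkg version-comparison algorithm (epoch, upstream, revision; digits compared numerically, `~` sorting before anything) and applies it to a constructed sample of `dpkg-query -W -f='${Package} ${Version}\n' 'ceph*'` output. The sample package versions are made up for illustration.

```python
"""Check installed ceph package versions against the DLA-4310-1 fixed version."""

FIXED_VERSION = "14.2.21-1+deb11u1"  # fixed version stated in the advisory


def _order(c):
    # Sort weight of one character, as in dpkg: '~' lowest, then end-of-string
    # and digits, then letters, then everything else.
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256 if c else 0


def _verrevcmp(a, b):
    # Compare two version fragments (upstream or revision) dpkg-style.
    while a or b:
        first_diff = 0
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ac = _order(a[0]) if a else 0
            bc = _order(b[0]) if b else 0
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        a, b = a.lstrip("0"), b.lstrip("0")
        while a and a[0].isdigit() and b and b[0].isdigit():
            if first_diff == 0:
                first_diff = ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if a and a[0].isdigit():
            return 1   # a has more digits: numerically larger
        if b and b[0].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(version):
    """Split 'epoch:upstream-revision' into (int epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to, or newer than v2."""
    e1, u1, r1 = parse_version(v1)
    e2, u2, r2 = parse_version(v2)
    if e1 != e2:
        return (e1 > e2) - (e1 < e2)
    c = _verrevcmp(u1, u2) or _verrevcmp(r1, r2)
    return (c > 0) - (c < 0)


def is_fixed(installed, fixed=FIXED_VERSION):
    return compare_versions(installed, fixed) >= 0


def vulnerable_packages(dpkg_output, fixed=FIXED_VERSION):
    """Names of packages in dpkg-query output whose version predates the fix."""
    vulnerable = []
    for line in dpkg_output.splitlines():
        if not line.strip():
            continue
        package, version = line.split()
        if not is_fixed(version, fixed):
            vulnerable.append(package)
    return vulnerable


# Constructed sample output; two packages have not been upgraded.
SAMPLE_DPKG_OUTPUT = """\
ceph 14.2.21-1
ceph-common 14.2.21-1+deb11u1
ceph-fuse 14.2.21-1+deb11u1
ceph-mgr 14.2.21~rc1-1
"""

if __name__ == "__main__":
    for pkg in vulnerable_packages(SAMPLE_DPKG_OUTPUT):
        print("still vulnerable:", pkg)
```

On a live system the output of `dpkg-query -W -f='${Package} ${Version}\n' 'ceph*'` can be fed to `vulnerable_packages` directly; `dpkg --compare-versions` gives the same ordering and is the authoritative reference for the algorithm reproduced here.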
For the detailed security status of ceph please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ceph
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----