RHSA-2026:2769

Description

Red Hat Security Advisory: Red Hat Ceph Storage 7.1 security and bug fix updates

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• redhat•ceph

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-base

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-base-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-common

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-common-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-debugsource

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-exporter-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-fuse

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-fuse-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-immutable-object-cache

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-immutable-object-cache-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-mds-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-mgr-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-mib

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-mon-client-nvmeof-debuginfo

  < 2:18.2.1-381.el9cp

• redhat•ceph-mon-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-osd-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-radosgw-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-resource-agents

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-selinux

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•ceph-test-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•cephadm

  < 2:18.2.1-381.el9cp

• redhat•cephfs-mirror-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•cephfs-top

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•libcephfs-devel

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•libcephfs2

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•libcephfs2-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•libcephsqlite-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•librados-devel

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•librados-devel-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•librados2

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•librados2-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•libradospp-devel

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•libradosstriper1

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•libradosstriper1-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•librbd-devel

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•librbd1

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•librbd1-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•librgw-devel

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•librgw2

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•librgw2-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•python3-ceph-argparse

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•python3-ceph-common

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•python3-cephfs

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•python3-cephfs-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•python3-rados

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•python3-rados-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•python3-rbd

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

• redhat•python3-rbd-debuginfo

  < 2:18.2.1-381.el8cp | < 2:18.2.1-381.el9cp

Showing first 50 affected entries in server-rendered view.

References (85)

• https://access.redhat.com/errata/RHSA-2026:2769
• https://access.redhat.com/security/updates/classification/#important
• https://bugzilla.redhat.com/show_bug.cgi?id=1944286
• https://bugzilla.redhat.com/show_bug.cgi?id=2112230
• https://bugzilla.redhat.com/show_bug.cgi?id=2272997
• https://bugzilla.redhat.com/show_bug.cgi?id=2273911
• https://bugzilla.redhat.com/show_bug.cgi?id=2312579
• https://bugzilla.redhat.com/show_bug.cgi?id=2323735
• https://bugzilla.redhat.com/show_bug.cgi?id=2329426
• https://bugzilla.redhat.com/show_bug.cgi?id=2345695
• https://bugzilla.redhat.com/show_bug.cgi?id=2360974
• https://bugzilla.redhat.com/show_bug.cgi?id=2372611
• https://bugzilla.redhat.com/show_bug.cgi?id=2374412
• https://bugzilla.redhat.com/show_bug.cgi?id=2389907
• https://bugzilla.redhat.com/show_bug.cgi?id=2392386
• https://bugzilla.redhat.com/show_bug.cgi?id=2392861
• https://bugzilla.redhat.com/show_bug.cgi?id=2404076
• https://bugzilla.redhat.com/show_bug.cgi?id=2404656
• https://bugzilla.redhat.com/show_bug.cgi?id=2404880
• https://bugzilla.redhat.com/show_bug.cgi?id=2412237
• https://bugzilla.redhat.com/show_bug.cgi?id=2412474
• https://bugzilla.redhat.com/show_bug.cgi?id=2414844
• https://bugzilla.redhat.com/show_bug.cgi?id=2414943
• https://bugzilla.redhat.com/show_bug.cgi?id=2416314
• https://bugzilla.redhat.com/show_bug.cgi?id=2418462
• https://bugzilla.redhat.com/show_bug.cgi?id=2428617
• https://bugzilla.redhat.com/show_bug.cgi?id=2432069
• https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2769.json
• https://access.redhat.com/security/cve/CVE-2021-23358
• https://www.cve.org/CVERecord?id=CVE-2021-23358
• https://nvd.nist.gov/vuln/detail/CVE-2021-23358
• https://access.redhat.com/security/cve/CVE-2022-34749
• https://www.cve.org/CVERecord?id=CVE-2022-34749
• https://nvd.nist.gov/vuln/detail/CVE-2022-34749
• https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2
• https://access.redhat.com/security/cve/CVE-2024-11831
• https://www.cve.org/CVERecord?id=CVE-2024-11831
• https://nvd.nist.gov/vuln/detail/CVE-2024-11831
• https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e
• https://github.com/yahoo/serialize-javascript/pull/173
• https://access.redhat.com/security/cve/CVE-2024-31884
• https://www.cve.org/CVERecord?id=CVE-2024-31884
• https://nvd.nist.gov/vuln/detail/CVE-2024-31884
• https://access.redhat.com/security/cve/CVE-2024-47866
• https://www.cve.org/CVERecord?id=CVE-2024-47866
• https://nvd.nist.gov/vuln/detail/CVE-2024-47866
• https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8
• https://access.redhat.com/security/cve/CVE-2024-51744
• https://www.cve.org/CVERecord?id=CVE-2024-51744
• https://nvd.nist.gov/vuln/detail/CVE-2024-51744
• https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c
• https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r
• https://access.redhat.com/security/cve/CVE-2024-55565
• https://bugzilla.redhat.com/show_bug.cgi?id=2331063
• https://www.cve.org/CVERecord?id=CVE-2024-55565
• https://nvd.nist.gov/vuln/detail/CVE-2024-55565
• https://github.com/ai/nanoid/compare/3.3.7...3.3.8
• https://github.com/ai/nanoid/pull/510
• https://github.com/ai/nanoid/releases/tag/5.0.9
• https://access.redhat.com/security/cve/CVE-2025-26791
• https://www.cve.org/CVERecord?id=CVE-2025-26791
• https://nvd.nist.gov/vuln/detail/CVE-2025-26791
• https://ensy.zip/posts/dompurify-323-bypass/
• https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02
• https://github.com/cure53/DOMPurify/releases/tag/3.2.4
• https://nsysean.github.io/posts/dompurify-323-bypass/
• https://access.redhat.com/security/cve/CVE-2025-47913
• https://www.cve.org/CVERecord?id=CVE-2025-47913
• https://nvd.nist.gov/vuln/detail/CVE-2025-47913
• https://github.com/advisories/GHSA-hcg3-q754-cr77
• https://go.dev/cl/700295
• https://go.dev/issue/75178
• https://pkg.go.dev/vuln/GO-2025-4116
• https://access.redhat.com/security/cve/CVE-2025-52555
• https://www.cve.org/CVERecord?id=CVE-2025-52555
• https://nvd.nist.gov/vuln/detail/CVE-2025-52555
• https://github.com/ceph/ceph/pull/60314
• https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm
• https://access.redhat.com/security/cve/CVE-2025-61729
• https://www.cve.org/CVERecord?id=CVE-2025-61729
• https://nvd.nist.gov/vuln/detail/CVE-2025-61729
• https://go.dev/cl/725920
• https://go.dev/issue/76445
• https://groups.google.com/g/golang-announce/c/8FJoBkPddm4
• https://pkg.go.dev/vuln/GO-2025-4155