{"id":"RHSA-2019:0911","summary":"Red Hat Security Advisory: Red Hat Ceph Storage 3.2 security, bug fix, and enhancement update","modified":"2025-11-22T11:41:10Z","published":"2024-09-18T04:09:31Z","upstream":["CVE-2018-12099","CVE-2018-19039"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0911"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#moderate"},{"type":"ARTICLE","url":"https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3.2/html/release_notes/index"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506782"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1540881"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1593110"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1600138"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1636251"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1638092"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1639833"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1648168"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649697"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1653307"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1656935"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1660962"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1664869"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666407"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666408"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666409"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668050"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668362"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669901"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670165"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670321"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670663"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672333"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672878"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1673687"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1674549"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1678470"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679263"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1680171"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1683997"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1684146"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1684283"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1684289"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1684435"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1684642"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1685733"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1685735"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687038"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687039"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687041"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687567"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687828"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1688330"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1688378"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1688541"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1688869"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1689266"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1689410"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690941"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1692555"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1693445"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695174"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699478"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1701970"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702311"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0911.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-12099"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1590017"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-12099"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12099"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-19039"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-19039"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19039"},{"type":"ARTICLE","url":"https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961"}],"affected":[{"package":{"name":"ceph","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"ceph-base","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph-base"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"ceph-common","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"ceph-debuginfo","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"ceph-fuse","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph-fuse"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"ceph-mds","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph-mds"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"ceph-mgr","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph-mgr"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"ceph-mon","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph-mon"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"ceph-osd","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph-osd"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"ceph-radosgw","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph-radosgw"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"ceph-selinux","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph-selinux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"ceph-test","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph-test"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"libcephfs-devel","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/libcephfs-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"libcephfs2","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/libcephfs2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"librados-devel","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/librados-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"librados2","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/librados2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"libradosstriper1","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/libradosstriper1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"librbd-devel","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/librbd-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"librbd1","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/librbd1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"librgw-devel","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/librgw-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"librgw2","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/librgw2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"python-cephfs","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/python-cephfs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"python-rados","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/python-rados"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"python-rbd","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/python-rbd"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"python-rgw","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/python-rgw"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"rbd-mirror","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/rbd-mirror"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.2.8-128.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"ceph-ansible","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/ceph-ansible"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.2.15-1.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}},{"package":{"name":"grafana","ecosystem":"Red Hat:ceph_storage:3::el7","purl":"pkg:rpm/redhat/grafana"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.2.4-2.el7cp"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2019:0911.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}