Red Hat Security Advisory: New container image: rhceph-9.0
🔗 CVE IDs covered (12)
📋 Description
- CVE-2021-23358 — nodejs-underscore: Arbitrary code execution via the template function
- CVE-2024-45310 — runc: runc can be tricked into creating empty files/directories on host
- CVE-2024-51744 — golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt
- CVE-2024-55565 — nanoid: nanoid mishandles non-integer values
- CVE-2025-6176 — Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS
- CVE-2025-7783 — form-data: Unsafe random function in form-data
- CVE-2025-14104 — util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames
- CVE-2025-22868 — golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws
- CVE-2025-26791 — dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling
- CVE-2025-66418 — urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
- CVE-2025-66471 — urllib3: urllib3 Streaming API improperly handles highly compressed data
- CVE-2026-21441 — urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
🔗 References (28)
- self: https://access.redhat.com/errata/RHSA-2026:3406
- external: https://access.redhat.com/security/cve/CVE-2021-23358
- external: https://access.redhat.com/security/cve/CVE-2024-51744
- external: https://access.redhat.com/security/cve/CVE-2024-55565
- external: https://access.redhat.com/security/cve/CVE-2025-14104
- external: https://access.redhat.com/security/cve/CVE-2025-22868
- external: https://access.redhat.com/security/cve/CVE-2025-26791
- external: https://access.redhat.com/security/cve/CVE-2025-6176
- external: https://access.redhat.com/security/cve/CVE-2025-66418
- external: https://access.redhat.com/security/cve/CVE-2025-66471
- external: https://access.redhat.com/security/cve/CVE-2025-7783
- external: https://access.redhat.com/security/cve/CVE-2026-21441
- external: https://access.redhat.com/security/updates/classification/
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2408762
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2419369
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2419455
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2419467
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2427726
- external: https://docs.redhat.com/en/documentation/red_hat_ceph_storage/
- external: https://issues.redhat.com/browse/RHCEPH-12073
- external: https://issues.redhat.com/browse/RHCEPH-12075
- external: https://issues.redhat.com/browse/RHCEPH-12417
- external: https://issues.redhat.com/browse/RHCEPH-12470
- external: https://issues.redhat.com/browse/RHCEPH-12508
- external: https://issues.redhat.com/browse/RHCEPH-12555
- external: https://issues.redhat.com/browse/RHCEPH-12558
- external: https://issues.redhat.com/browse/RHCEPH-12577
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3406.json