CVE-2024-31884

Publication date 21 January 2026

Last updated 27 February 2026

Ubuntu priority

Why this priority?

Description

Incorrect usage of certificate checking via Pybind

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ceph	25.10 questing	Fixed 19.2.3-0ubuntu1.25.10.3
	24.04 LTS noble	Fixed 19.2.3-0ubuntu0.24.04.3
	22.04 LTS jammy	Fixed 17.2.9-0ubuntu0.22.04.2
	20.04 LTS focal	Fixed 15.2.17-0ubuntu0.20.04.6+esm1
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro 30-day free trial

Notes

mdeslaur

This is only the certificate checking when sending alerts over SMTP. affects 15.1.0+

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
ceph	Upstream: https://github.com/ceph/ceph/pull/66141 Upstream: https://github.com/ceph/ceph/pull/66142 Upstream: 5081933

References

Related Ubuntu Security Notices (USN)

USN-8045-1
Ceph vulnerabilities
24 February 2026