Ceph Nautilus and Octopus Security Update for "insecure global_id reclaim" CVE-2021-20288


Proxmox Staff Member
Staff member
Jul 28, 2015
South Tyrol/Italy
Could it be, that apt-get update/apt-get dist-upgrade doesn't update the base ceph packages beyond 12.2.11?
By default, yes. As that is the Ceph version one can update from the older Proxmox VE 5.4, and we need to stay compatible with that.

If you use Ceph on a Proxmox VE setup only as client I'd still recommend setting up the Ceph repository from us (but no need for full ceph server installation) see https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#sysadmin_package_repositories_ceph and run a standard system upgrade (apt update && apt full-upgrade or do so from the web-interface) to pull in newer client and librbd versions.
A migration afterwards is then still required to load the new librbd for the VMs.


Jan 31, 2020
Thanks - that was what I suspected and after adding the ceph pve repo another full-update did the trick. The warning regarding the clients has gone away.


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!