RHSA-2017:0484
Vulnerability from csaf_redhat
Published
2017-03-23 05:06
Modified
2024-11-14 18:12
Summary
Red Hat Security Advisory: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
Notes
Topic
An update is now available for Red Hat Gluster Storage 3.2 on Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.
The following packages have been upgraded to a later upstream version: glusterfs (3.8.4), redhat-storage-server (3.2.0.3). (BZ#1362373)
Security Fix(es):
* It was found that glusterfs-server RPM package would write file with predictable name into world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package. (CVE-2015-1795)
This issue was discovered by Florian Weimer of Red Hat Product Security.
Bug Fix(es):
* Bricks remain stopped if server quorum is no longer met, or if server quorum is disabled, to ensure that bricks in maintenance are not started incorrectly. (BZ#1340995)
* The metadata cache translator has been updated to improve Red Hat Gluster Storage performance when reading small files. (BZ#1427783)
* The 'gluster volume add-brick' command is no longer allowed when the replica count has increased and any replica bricks are unavailable. (BZ#1404989)
* Split-brain resolution commands work regardless of whether client-side heal or the self-heal daemon are enabled. (BZ#1403840)
Enhancement(s):
* Red Hat Gluster Storage now provides Transport Layer Security support for Samba and NFS-Ganesha. (BZ#1340608, BZ#1371475)
* A new reset-sync-time option enables resetting the sync time attribute to zero when required. (BZ#1205162)
* Tiering demotions are now triggered at most 5 seconds after a hi-watermark breach event. Administrators can use the cluster.tier-query-limit volume parameter to specify the number of records extracted from the heat database during demotion. (BZ#1361759)
* The /var/log/glusterfs/etc-glusterfs-glusterd.vol.log file is now named /var/log/glusterfs/glusterd.log. (BZ#1306120)
* The 'gluster volume attach-tier/detach-tier' commands are considered deprecated in favor of the new commands, 'gluster volume tier VOLNAME attach/detach'. (BZ#1388464)
* The HA_VOL_SERVER parameter in the ganesha-ha.conf file is no longer used by Red Hat Gluster Storage. (BZ#1348954)
* The volfile server role can now be passed to another server when a server is unavailable. (BZ#1351949)
* Ports can now be reused when they stop being used by another service. (BZ#1263090)
* The thread pool limit for the rebalance process is now dynamic, and is determined based on the number of available cores. (BZ#1352805)
* Brick verification at reboot now uses UUID instead of brick path. (BZ#1336267)
* LOGIN_NAME_MAX is now used as the maximum length for the slave user instead of __POSIX_LOGIN_NAME_MAX, allowing for up to 256 characters including the NULL byte. (BZ#1400365)
* The client identifier is now included in the log message to make it easier to determine which client failed to connect. (BZ#1333885)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Gluster Storage 3.2 on Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.\n\nThe following packages have been upgraded to a later upstream version: glusterfs (3.8.4), redhat-storage-server (3.2.0.3). (BZ#1362373)\n\nSecurity Fix(es):\n\n* It was found that glusterfs-server RPM package would write file with predictable name into world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package. (CVE-2015-1795)\n\nThis issue was discovered by Florian Weimer of Red Hat Product Security.\n\nBug Fix(es):\n\n* Bricks remain stopped if server quorum is no longer met, or if server quorum is disabled, to ensure that bricks in maintenance are not started incorrectly. (BZ#1340995)\n\n* The metadata cache translator has been updated to improve Red Hat Gluster Storage performance when reading small files. (BZ#1427783)\n\n* The \u0027gluster volume add-brick\u0027 command is no longer allowed when the replica count has increased and any replica bricks are unavailable. (BZ#1404989)\n\n* Split-brain resolution commands work regardless of whether client-side heal or the self-heal daemon are enabled. (BZ#1403840)\n\nEnhancement(s):\n\n* Red Hat Gluster Storage now provides Transport Layer Security support for Samba and NFS-Ganesha. (BZ#1340608, BZ#1371475)\n\n* A new reset-sync-time option enables resetting the sync time attribute to zero when required. (BZ#1205162)\n\n* Tiering demotions are now triggered at most 5 seconds after a hi-watermark breach event. Administrators can use the cluster.tier-query-limit volume parameter to specify the number of records extracted from the heat database during demotion. (BZ#1361759)\n\n* The /var/log/glusterfs/etc-glusterfs-glusterd.vol.log file is now named /var/log/glusterfs/glusterd.log. (BZ#1306120)\n\n* The \u0027gluster volume attach-tier/detach-tier\u0027 commands are considered deprecated in favor of the new commands, \u0027gluster volume tier VOLNAME attach/detach\u0027. (BZ#1388464)\n\n* The HA_VOL_SERVER parameter in the ganesha-ha.conf file is no longer used by Red Hat Gluster Storage. (BZ#1348954)\n\n* The volfile server role can now be passed to another server when a server is unavailable. (BZ#1351949)\n\n* Ports can now be reused when they stop being used by another service. (BZ#1263090)\n\n* The thread pool limit for the rebalance process is now dynamic, and is determined based on the number of available cores. (BZ#1352805)\n\n* Brick verification at reboot now uses UUID instead of brick path. (BZ#1336267)\n\n* LOGIN_NAME_MAX is now used as the maximum length for the slave user instead of __POSIX_LOGIN_NAME_MAX, allowing for up to 256 characters including the NULL byte. (BZ#1400365)\n\n* The client identifier is now included in the log message to make it easier to determine which client failed to connect. (BZ#1333885)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:0484",
"url": "https://access.redhat.com/errata/RHSA-2017:0484"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.2/html/3.2_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.2/html/3.2_release_notes/"
},
{
"category": "external",
"summary": "1200927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1200927"
},
{
"category": "external",
"summary": "1362373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362373"
},
{
"category": "external",
"summary": "1375059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375059"
},
{
"category": "external",
"summary": "1382319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1382319"
},
{
"category": "external",
"summary": "1403587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403587"
},
{
"category": "external",
"summary": "1403919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403919"
},
{
"category": "external",
"summary": "1404551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404551"
},
{
"category": "external",
"summary": "1424944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424944"
},
{
"category": "external",
"summary": "1425748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1425748"
},
{
"category": "external",
"summary": "1432972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432972"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0484.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-14T18:12:46+00:00",
"generator": {
"date": "2024-11-14T18:12:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2017:0484",
"initial_release_date": "2017-03-23T05:06:37+00:00",
"revision_history": [
{
"date": "2017-03-23T05:06:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-03-23T05:06:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T18:12:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product": {
"name": "Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.2:server:el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product": {
"name": "Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3:client:el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "glusterfs-fuse-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-fuse-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-fuse-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-fuse@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-rdma-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-rdma-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-rdma-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-rdma@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-cli-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-cli-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-cli-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-cli@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-devel-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-devel-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-devel-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-devel@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-libs-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-libs-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-libs-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-libs@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-api-devel-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-api-devel-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-api-devel-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-api-devel@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-geo-replication-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-geo-replication-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-geo-replication-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-geo-replication@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-client-xlators-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-client-xlators-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-client-xlators-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-client-xlators@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-ganesha-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-ganesha-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-ganesha-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-ganesha@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-events-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-events-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-events-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-events@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-server-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-server-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-server-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-server@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-debuginfo-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-debuginfo-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-debuginfo-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-debuginfo@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-api-0:3.8.4-18.el6rhs.x86_64",
"product": {
"name": "glusterfs-api-0:3.8.4-18.el6rhs.x86_64",
"product_id": "glusterfs-api-0:3.8.4-18.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-api@3.8.4-18.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-debuginfo-0:3.8.4-18.el6.x86_64",
"product": {
"name": "glusterfs-debuginfo-0:3.8.4-18.el6.x86_64",
"product_id": "glusterfs-debuginfo-0:3.8.4-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-debuginfo@3.8.4-18.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-cli-0:3.8.4-18.el6.x86_64",
"product": {
"name": "glusterfs-cli-0:3.8.4-18.el6.x86_64",
"product_id": "glusterfs-cli-0:3.8.4-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-cli@3.8.4-18.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-devel-0:3.8.4-18.el6.x86_64",
"product": {
"name": "glusterfs-devel-0:3.8.4-18.el6.x86_64",
"product_id": "glusterfs-devel-0:3.8.4-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-devel@3.8.4-18.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-libs-0:3.8.4-18.el6.x86_64",
"product": {
"name": "glusterfs-libs-0:3.8.4-18.el6.x86_64",
"product_id": "glusterfs-libs-0:3.8.4-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-libs@3.8.4-18.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-api-devel-0:3.8.4-18.el6.x86_64",
"product": {
"name": "glusterfs-api-devel-0:3.8.4-18.el6.x86_64",
"product_id": "glusterfs-api-devel-0:3.8.4-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-api-devel@3.8.4-18.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-fuse-0:3.8.4-18.el6.x86_64",
"product": {
"name": "glusterfs-fuse-0:3.8.4-18.el6.x86_64",
"product_id": "glusterfs-fuse-0:3.8.4-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-fuse@3.8.4-18.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.8.4-18.el6.x86_64",
"product": {
"name": "glusterfs-0:3.8.4-18.el6.x86_64",
"product_id": "glusterfs-0:3.8.4-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.8.4-18.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-api-0:3.8.4-18.el6.x86_64",
"product": {
"name": "glusterfs-api-0:3.8.4-18.el6.x86_64",
"product_id": "glusterfs-api-0:3.8.4-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-api@3.8.4-18.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-rdma-0:3.8.4-18.el6.x86_64",
"product": {
"name": "glusterfs-rdma-0:3.8.4-18.el6.x86_64",
"product_id": "glusterfs-rdma-0:3.8.4-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-rdma@3.8.4-18.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-client-xlators-0:3.8.4-18.el6.x86_64",
"product": {
"name": "glusterfs-client-xlators-0:3.8.4-18.el6.x86_64",
"product_id": "glusterfs-client-xlators-0:3.8.4-18.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-client-xlators@3.8.4-18.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "glusterfs-0:3.8.4-18.el6rhs.src",
"product": {
"name": "glusterfs-0:3.8.4-18.el6rhs.src",
"product_id": "glusterfs-0:3.8.4-18.el6rhs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.8.4-18.el6rhs?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-storage-server-0:3.2.0.3-1.el6rhs.src",
"product": {
"name": "redhat-storage-server-0:3.2.0.3-1.el6rhs.src",
"product_id": "redhat-storage-server-0:3.2.0.3-1.el6rhs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-storage-server@3.2.0.3-1.el6rhs?arch=src"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.8.4-18.el6.src",
"product": {
"name": "glusterfs-0:3.8.4-18.el6.src",
"product_id": "glusterfs-0:3.8.4-18.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.8.4-18.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-gluster-0:3.8.4-18.el6rhs.noarch",
"product": {
"name": "python-gluster-0:3.8.4-18.el6rhs.noarch",
"product_id": "python-gluster-0:3.8.4-18.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-gluster@3.8.4-18.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-storage-server-0:3.2.0.3-1.el6rhs.noarch",
"product": {
"name": "redhat-storage-server-0:3.2.0.3-1.el6rhs.noarch",
"product_id": "redhat-storage-server-0:3.2.0.3-1.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-storage-server@3.2.0.3-1.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-gluster-0:3.8.4-18.el6.noarch",
"product": {
"name": "python-gluster-0:3.8.4-18.el6.noarch",
"product_id": "python-gluster-0:3.8.4-18.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-gluster@3.8.4-18.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.8.4-18.el6rhs.src as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-0:3.8.4-18.el6rhs.src"
},
"product_reference": "glusterfs-0:3.8.4-18.el6rhs.src",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-api-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-api-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-api-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-api-devel-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-api-devel-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-api-devel-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-cli-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-cli-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-cli-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-client-xlators-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-client-xlators-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-client-xlators-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-debuginfo-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-debuginfo-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-debuginfo-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-devel-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-devel-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-events-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-events-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-events-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-fuse-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-fuse-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-fuse-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-ganesha-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-ganesha-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-ganesha-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-geo-replication-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-geo-replication-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-geo-replication-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-libs-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-libs-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-libs-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-rdma-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-rdma-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-rdma-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-server-0:3.8.4-18.el6rhs.x86_64 as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:glusterfs-server-0:3.8.4-18.el6rhs.x86_64"
},
"product_reference": "glusterfs-server-0:3.8.4-18.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gluster-0:3.8.4-18.el6rhs.noarch as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:python-gluster-0:3.8.4-18.el6rhs.noarch"
},
"product_reference": "python-gluster-0:3.8.4-18.el6rhs.noarch",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-storage-server-0:3.2.0.3-1.el6rhs.noarch as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:redhat-storage-server-0:3.2.0.3-1.el6rhs.noarch"
},
"product_reference": "redhat-storage-server-0:3.2.0.3-1.el6rhs.noarch",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-storage-server-0:3.2.0.3-1.el6rhs.src as a component of Red Hat Gluster Storage Server 3.2 on RHEL-6",
"product_id": "6Server-RH-Gluster-3.2-Server:redhat-storage-server-0:3.2.0.3-1.el6rhs.src"
},
"product_reference": "redhat-storage-server-0:3.2.0.3-1.el6rhs.src",
"relates_to_product_reference": "6Server-RH-Gluster-3.2-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.8.4-18.el6.src as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-0:3.8.4-18.el6.src"
},
"product_reference": "glusterfs-0:3.8.4-18.el6.src",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.8.4-18.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-0:3.8.4-18.el6.x86_64"
},
"product_reference": "glusterfs-0:3.8.4-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-api-0:3.8.4-18.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-api-0:3.8.4-18.el6.x86_64"
},
"product_reference": "glusterfs-api-0:3.8.4-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-api-devel-0:3.8.4-18.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-api-devel-0:3.8.4-18.el6.x86_64"
},
"product_reference": "glusterfs-api-devel-0:3.8.4-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-cli-0:3.8.4-18.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-cli-0:3.8.4-18.el6.x86_64"
},
"product_reference": "glusterfs-cli-0:3.8.4-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-client-xlators-0:3.8.4-18.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-client-xlators-0:3.8.4-18.el6.x86_64"
},
"product_reference": "glusterfs-client-xlators-0:3.8.4-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-debuginfo-0:3.8.4-18.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-debuginfo-0:3.8.4-18.el6.x86_64"
},
"product_reference": "glusterfs-debuginfo-0:3.8.4-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-0:3.8.4-18.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-devel-0:3.8.4-18.el6.x86_64"
},
"product_reference": "glusterfs-devel-0:3.8.4-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-fuse-0:3.8.4-18.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-fuse-0:3.8.4-18.el6.x86_64"
},
"product_reference": "glusterfs-fuse-0:3.8.4-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-libs-0:3.8.4-18.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-libs-0:3.8.4-18.el6.x86_64"
},
"product_reference": "glusterfs-libs-0:3.8.4-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-rdma-0:3.8.4-18.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-rdma-0:3.8.4-18.el6.x86_64"
},
"product_reference": "glusterfs-rdma-0:3.8.4-18.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gluster-0:3.8.4-18.el6.noarch as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:python-gluster-0:3.8.4-18.el6.noarch"
},
"product_reference": "python-gluster-0:3.8.4-18.el6.noarch",
"relates_to_product_reference": "6Server-RHSClient"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-1795",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2015-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1200927"
}
],
"notes": [
{
"category": "description",
"text": "It was found that glusterfs-server RPM package would write file with predictable name into world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glusterfs: glusterfs-server %pretrans rpm script temporary file issue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of glusterfs as shipped\nwith Red Hat Enterprise Linux 6, and 7.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RH-Gluster-3.2-Server:glusterfs-0:3.8.4-18.el6rhs.src",
"6Server-RH-Gluster-3.2-Server:glusterfs-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-api-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-api-devel-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-cli-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-client-xlators-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-debuginfo-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-devel-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-events-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-fuse-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-ganesha-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-geo-replication-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-libs-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-rdma-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-server-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:python-gluster-0:3.8.4-18.el6rhs.noarch",
"6Server-RH-Gluster-3.2-Server:redhat-storage-server-0:3.2.0.3-1.el6rhs.noarch",
"6Server-RH-Gluster-3.2-Server:redhat-storage-server-0:3.2.0.3-1.el6rhs.src",
"6Server-RHSClient:glusterfs-0:3.8.4-18.el6.src",
"6Server-RHSClient:glusterfs-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-api-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-api-devel-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-cli-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-client-xlators-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-debuginfo-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-devel-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-fuse-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-libs-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-rdma-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:python-gluster-0:3.8.4-18.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1795"
},
{
"category": "external",
"summary": "RHBZ#1200927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1200927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1795"
}
],
"release_date": "2015-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-23T05:06:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RH-Gluster-3.2-Server:glusterfs-0:3.8.4-18.el6rhs.src",
"6Server-RH-Gluster-3.2-Server:glusterfs-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-api-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-api-devel-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-cli-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-client-xlators-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-debuginfo-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-devel-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-events-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-fuse-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-ganesha-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-geo-replication-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-libs-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-rdma-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-server-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:python-gluster-0:3.8.4-18.el6rhs.noarch",
"6Server-RH-Gluster-3.2-Server:redhat-storage-server-0:3.2.0.3-1.el6rhs.noarch",
"6Server-RH-Gluster-3.2-Server:redhat-storage-server-0:3.2.0.3-1.el6rhs.src",
"6Server-RHSClient:glusterfs-0:3.8.4-18.el6.src",
"6Server-RHSClient:glusterfs-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-api-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-api-devel-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-cli-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-client-xlators-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-debuginfo-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-devel-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-fuse-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-libs-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-rdma-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:python-gluster-0:3.8.4-18.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0484"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-RH-Gluster-3.2-Server:glusterfs-0:3.8.4-18.el6rhs.src",
"6Server-RH-Gluster-3.2-Server:glusterfs-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-api-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-api-devel-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-cli-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-client-xlators-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-debuginfo-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-devel-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-events-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-fuse-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-ganesha-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-geo-replication-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-libs-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-rdma-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:glusterfs-server-0:3.8.4-18.el6rhs.x86_64",
"6Server-RH-Gluster-3.2-Server:python-gluster-0:3.8.4-18.el6rhs.noarch",
"6Server-RH-Gluster-3.2-Server:redhat-storage-server-0:3.2.0.3-1.el6rhs.noarch",
"6Server-RH-Gluster-3.2-Server:redhat-storage-server-0:3.2.0.3-1.el6rhs.src",
"6Server-RHSClient:glusterfs-0:3.8.4-18.el6.src",
"6Server-RHSClient:glusterfs-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-api-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-api-devel-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-cli-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-client-xlators-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-debuginfo-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-devel-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-fuse-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-libs-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:glusterfs-rdma-0:3.8.4-18.el6.x86_64",
"6Server-RHSClient:python-gluster-0:3.8.4-18.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glusterfs: glusterfs-server %pretrans rpm script temporary file issue"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.