Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-10911 (GCVE-0-2018-10911)
Vulnerability from cvelistv5 – Published: 2018-09-04 14:00 – Updated: 2024-08-05 07:54
VLAI
EPSS
Summary
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
Severity
6.5 (Medium)
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://review.gluster.org/#/c/glusterfs/+/21067/ | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:2607 | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:2608 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3470 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2892 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3242 | vendor-advisoryx_refsource_REDHAT |
| https://security.gentoo.org/glsa/201904-06 | vendor-advisoryx_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | glusterfs: |
Affected:
n/a
|
Date Public
2018-09-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:35.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.gluster.org/#/c/glusterfs/+/21067/"
},
{
"name": "RHSA-2018:2607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911"
},
{
"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
},
{
"name": "RHSA-2018:2608",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2608"
},
{
"name": "RHSA-2018:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"name": "RHSA-2018:2892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2892"
},
{
"name": "RHSA-2018:3242",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3242"
},
{
"name": "GLSA-201904-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201904-06"
},
{
"name": "openSUSE-SU-2020:0079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
},
{
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "glusterfs:",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T02:06:14.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.gluster.org/#/c/glusterfs/+/21067/"
},
{
"name": "RHSA-2018:2607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911"
},
{
"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
},
{
"name": "RHSA-2018:2608",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2608"
},
{
"name": "RHSA-2018:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"name": "RHSA-2018:2892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2892"
},
{
"name": "RHSA-2018:3242",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3242"
},
{
"name": "GLSA-201904-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201904-06"
},
{
"name": "openSUSE-SU-2020:0079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
},
{
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "glusterfs:",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://review.gluster.org/#/c/glusterfs/+/21067/",
"refsource": "CONFIRM",
"url": "https://review.gluster.org/#/c/glusterfs/+/21067/"
},
{
"name": "RHSA-2018:2607",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911"
},
{
"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
},
{
"name": "RHSA-2018:2608",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2608"
},
{
"name": "RHSA-2018:3470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"name": "RHSA-2018:2892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2892"
},
{
"name": "RHSA-2018:3242",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3242"
},
{
"name": "GLSA-201904-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-06"
},
{
"name": "openSUSE-SU-2020:0079",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
},
{
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10911",
"datePublished": "2018-09-04T14:00:00.000Z",
"dateReserved": "2018-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:54:35.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-10911",
"date": "2026-05-26",
"epss": "0.04332",
"percentile": "0.89039"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.12.0\", \"versionEndExcluding\": \"3.12.14\", \"matchCriteriaId\": \"FB3DEA10-0AA0-4A16-8A90-6C59FDF2A702\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1.0\", \"versionEndExcluding\": \"4.1.8\", \"matchCriteriaId\": \"F5A10693-F756-4E39-AE58-521BDD8488AA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB28F9AF-3D06-4532-B397-96D7E4792503\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado un error en la forma en la que la funci\\u00f3n dic_unserialize en glusterfs no gestiona los valores de longitud de clave negativos. Un atacante podr\\u00eda utilizar este error para leer la memoria de otras ubicaciones en el valor dict almacenado.\"}]",
"id": "CVE-2018-10911",
"lastModified": "2024-11-21T03:42:17.023",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-09-04T14:29:00.220",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2607\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2608\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2892\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3242\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3470\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://review.gluster.org/#/c/glusterfs/+/21067/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201904-06\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2607\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2608\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2892\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3242\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3470\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://review.gluster.org/#/c/glusterfs/+/21067/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201904-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}, {\"lang\": \"en\", \"value\": \"CWE-200\"}, {\"lang\": \"en\", \"value\": \"CWE-502\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-10911\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-09-04T14:29:00.220\",\"lastModified\":\"2024-11-21T03:42:17.023\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un error en la forma en la que la funci\u00f3n dic_unserialize en glusterfs no gestiona los valores de longitud de clave negativos. Un atacante podr\u00eda utilizar este error para leer la memoria de otras ubicaciones en el valor dict almacenado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"},{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.12.0\",\"versionEndExcluding\":\"3.12.14\",\"matchCriteriaId\":\"FB3DEA10-0AA0-4A16-8A90-6C59FDF2A702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndExcluding\":\"4.1.8\",\"matchCriteriaId\":\"F5A10693-F756-4E39-AE58-521BDD8488AA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB28F9AF-3D06-4532-B397-96D7E4792503\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2607\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2608\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2892\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3242\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3470\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://review.gluster.org/#/c/glusterfs/+/21067/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201904-06\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2607\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2608\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3242\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3470\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://review.gluster.org/#/c/glusterfs/+/21067/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201904-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-014
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | SRC Series Application Server et Web Administrator versions antérieures à 4.12.0-R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1 sur vMX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75 | ||
| N/A | N/A | Juniper ATP | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series | ||
| Juniper Networks | Junos OS | Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series | ||
| Juniper Networks | Junos Space | Junos Space | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series | ||
| Juniper Networks | Junos OS | Tous produits et toutes plateformes exécutant Junos OS | ||
| Juniper Networks | Junos OS | Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SRC Series Application Server et Web Administrator versions ant\u00e9rieures \u00e0 4.12.0-R1",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1 sur vMX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper ATP",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Tous produits et toutes plateformes ex\u00e9cutant Junos OS",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0010"
},
{
"name": "CVE-2018-10901",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10901"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2019-0003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0003"
},
{
"name": "CVE-2019-0007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0007"
},
{
"name": "CVE-2018-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2017-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0861"
},
{
"name": "CVE-2018-7566",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7566"
},
{
"name": "CVE-2019-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0027"
},
{
"name": "CVE-2019-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0030"
},
{
"name": "CVE-2017-1000379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000379"
},
{
"name": "CVE-2019-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0001"
},
{
"name": "CVE-2018-14634",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14634"
},
{
"name": "CVE-2019-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0002"
},
{
"name": "CVE-2019-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0013"
},
{
"name": "CVE-2019-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0023"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2018-10675",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10675"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2017-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3137"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2017-3142",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3142"
},
{
"name": "CVE-2018-10872",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10872"
},
{
"name": "CVE-2019-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0015"
},
{
"name": "CVE-2019-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0005"
},
{
"name": "CVE-2019-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0009"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2019-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0024"
},
{
"name": "CVE-2019-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0025"
},
{
"name": "CVE-2017-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3143"
},
{
"name": "CVE-2018-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2019-0011",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0011"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2017-15265",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15265"
},
{
"name": "CVE-2019-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0012"
},
{
"name": "CVE-2017-11610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11610"
},
{
"name": "CVE-2018-5748",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5748"
},
{
"name": "CVE-2019-0004",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0004"
},
{
"name": "CVE-2019-0017",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0017"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-3665",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3665"
},
{
"name": "CVE-2017-1000366",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000366"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2018-12020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
},
{
"name": "CVE-2018-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5390"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2019-0021",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0021"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2019-0016",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0016"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-8897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8897"
},
{
"name": "CVE-2019-0022",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0022"
},
{
"name": "CVE-2017-1000364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-1050",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1050"
},
{
"name": "CVE-2019-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0014"
},
{
"name": "CVE-2018-3693",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3693"
},
{
"name": "CVE-2018-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10911"
},
{
"name": "CVE-2019-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0026"
},
{
"name": "CVE-2019-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0029"
},
{
"name": "CVE-2019-0020",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0020"
},
{
"name": "CVE-2018-5740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5740"
},
{
"name": "CVE-2017-2619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2619"
},
{
"name": "CVE-2019-0018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0018"
},
{
"name": "CVE-2018-1000004",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000004"
},
{
"name": "CVE-2019-0006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0006"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2017-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3136"
},
{
"name": "CVE-2011-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
},
{
"name": "CVE-2017-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3145"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-10301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10301"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-014",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10906 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10906\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10910 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10910\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10911 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10911\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10907 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10907\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10912 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10912\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10913 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10913\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10919 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10919\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10905 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10905\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10902 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10902\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10917 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10917\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10904 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10904\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10915 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10915\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10916 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10916\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10914 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10914\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10900 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10900\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10909 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10909\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10901 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10901\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10918 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10918\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10903 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10903\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2019-AVI-014
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | SRC Series Application Server et Web Administrator versions antérieures à 4.12.0-R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1 sur vMX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75 | ||
| N/A | N/A | Juniper ATP | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series | ||
| Juniper Networks | Junos OS | Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series | ||
| Juniper Networks | Junos Space | Junos Space | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series | ||
| Juniper Networks | Junos OS | Tous produits et toutes plateformes exécutant Junos OS | ||
| Juniper Networks | Junos OS | Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SRC Series Application Server et Web Administrator versions ant\u00e9rieures \u00e0 4.12.0-R1",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1 sur vMX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper ATP",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Tous produits et toutes plateformes ex\u00e9cutant Junos OS",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0010"
},
{
"name": "CVE-2018-10901",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10901"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2019-0003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0003"
},
{
"name": "CVE-2019-0007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0007"
},
{
"name": "CVE-2018-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2017-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0861"
},
{
"name": "CVE-2018-7566",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7566"
},
{
"name": "CVE-2019-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0027"
},
{
"name": "CVE-2019-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0030"
},
{
"name": "CVE-2017-1000379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000379"
},
{
"name": "CVE-2019-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0001"
},
{
"name": "CVE-2018-14634",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14634"
},
{
"name": "CVE-2019-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0002"
},
{
"name": "CVE-2019-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0013"
},
{
"name": "CVE-2019-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0023"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2018-10675",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10675"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2017-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3137"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2017-3142",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3142"
},
{
"name": "CVE-2018-10872",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10872"
},
{
"name": "CVE-2019-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0015"
},
{
"name": "CVE-2019-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0005"
},
{
"name": "CVE-2019-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0009"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2019-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0024"
},
{
"name": "CVE-2019-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0025"
},
{
"name": "CVE-2017-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3143"
},
{
"name": "CVE-2018-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2019-0011",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0011"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2017-15265",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15265"
},
{
"name": "CVE-2019-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0012"
},
{
"name": "CVE-2017-11610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11610"
},
{
"name": "CVE-2018-5748",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5748"
},
{
"name": "CVE-2019-0004",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0004"
},
{
"name": "CVE-2019-0017",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0017"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-3665",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3665"
},
{
"name": "CVE-2017-1000366",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000366"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2018-12020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
},
{
"name": "CVE-2018-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5390"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2019-0021",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0021"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2019-0016",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0016"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-8897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8897"
},
{
"name": "CVE-2019-0022",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0022"
},
{
"name": "CVE-2017-1000364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-1050",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1050"
},
{
"name": "CVE-2019-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0014"
},
{
"name": "CVE-2018-3693",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3693"
},
{
"name": "CVE-2018-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10911"
},
{
"name": "CVE-2019-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0026"
},
{
"name": "CVE-2019-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0029"
},
{
"name": "CVE-2019-0020",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0020"
},
{
"name": "CVE-2018-5740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5740"
},
{
"name": "CVE-2017-2619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2619"
},
{
"name": "CVE-2019-0018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0018"
},
{
"name": "CVE-2018-1000004",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000004"
},
{
"name": "CVE-2019-0006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0006"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2017-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3136"
},
{
"name": "CVE-2011-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
},
{
"name": "CVE-2017-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3145"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-10301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10301"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-014",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10906 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10906\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10910 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10910\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10911 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10911\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10907 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10907\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10912 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10912\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10913 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10913\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10919 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10919\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10905 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10905\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10902 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10902\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10917 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10917\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10904 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10904\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10915 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10915\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10916 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10916\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10914 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10914\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10900 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10900\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10909 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10909\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10901 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10901\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10918 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10918\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10903 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10903\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
BDU:2019-00238
Vulnerability from fstec - Published: 04.09.2018
VLAI
Title
Уязвимость функции dic_unserialize файловой системы GlusterFS, позволяющая нарушителю получить доступ к защищаемой информации
Description
Уязвимость функции dic_unserialize файловой системы GlusterFS связана с ошибками обработки отрицательных значений длины ключа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к защищаемой информации
Severity
Vendor
Juniper Networks Inc., Gluster Inc., АО «Концерн ВНИИНС»
Software Name
Junos Space Network Management Platform, GlusterFS, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
18.4R1 (Junos Space Network Management Platform), от 3.12.0 до 3.12.14 (GlusterFS), от 4.1.0 до 4.1.4 (GlusterFS), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Обновление программного обеспечения до более поздней версии
Для ОС ОН «Стрелец»:
Обновление программного обеспечения glusterfs до версии 5.5-3osnova0
Reference
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10917&cat=SIRT_1&actp=LIST
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-190, CWE-200, CWE-502
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Juniper Networks Inc., Gluster Inc., \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "18.4R1 (Junos Space Network Management Platform), \u043e\u0442 3.12.0 \u0434\u043e 3.12.14 (GlusterFS), \u043e\u0442 4.1.0 \u0434\u043e 4.1.4 (GlusterFS), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f glusterfs \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.5-3osnova0",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "04.09.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.01.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00238",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-10911",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Junos Space Network Management Platform, GlusterFS, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 dic_unserialize \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b GlusterFS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190), \u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200), \u0412\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-502)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 dic_unserialize \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b GlusterFS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043e\u0442\u0440\u0438\u0446\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439 \u0434\u043b\u0438\u043d\u044b \u043a\u043b\u044e\u0447\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10917\u0026cat=SIRT_1\u0026actp=LIST\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190, CWE-200, CWE-502",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CNVD-2018-17759
Vulnerability from cnvd - Published: 2018-09-06
VLAI
Title
Red Hat glusterfs服务器反序列化漏洞
Description
Red Hat glusterfs server是美国红帽(Red Hat)公司的一套开源的分布式文件系统。该系统主要为媒体流、数据分析以及其他数据和带宽密集型任务创建大型分布式存储解决方案。
Red Hat glusterfs服务器中的dict.c文件的‘dic_unserialize’函数存在反序列化漏洞,该漏洞源于‘dic_unserialize’函数对负的key长度值处理不当。攻击者可借助特制的序列化词典利用该漏洞泄露任意内存位置。
Severity
高
Patch Name
Red Hat glusterfs服务器反序列化漏洞的补丁
Patch Description
Red Hat glusterfs server是美国红帽(Red Hat)公司的一套开源的分布式文件系统。该系统主要为媒体流、数据分析以及其他数据和带宽密集型任务创建大型分布式存储解决方案。
Red Hat glusterfs服务器中的dict.c文件的‘dic_unserialize’函数存在反序列化漏洞,该漏洞源于‘dic_unserialize’函数对负的key长度值处理不当。攻击者可借助特制的序列化词典利用该漏洞泄露任意内存位置。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://review.gluster.org/#/c/glusterfs/+/21067/
Reference
https://review.gluster.org/#/c/glusterfs/+/21067/
Impacted products
| Name | Red Hat GlusterFS |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-10911",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10911"
}
},
"description": "Red Hat glusterfs server\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3b\u8981\u4e3a\u5a92\u4f53\u6d41\u3001\u6570\u636e\u5206\u6790\u4ee5\u53ca\u5176\u4ed6\u6570\u636e\u548c\u5e26\u5bbd\u5bc6\u96c6\u578b\u4efb\u52a1\u521b\u5efa\u5927\u578b\u5206\u5e03\u5f0f\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nRed Hat glusterfs\u670d\u52a1\u5668\u4e2d\u7684dict.c\u6587\u4ef6\u7684\u2018dic_unserialize\u2019\u51fd\u6570\u5b58\u5728\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u2018dic_unserialize\u2019\u51fd\u6570\u5bf9\u8d1f\u7684key\u957f\u5ea6\u503c\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u5e8f\u5217\u5316\u8bcd\u5178\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4efb\u610f\u5185\u5b58\u4f4d\u7f6e\u3002",
"discovererName": "Sam Fowler",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://review.gluster.org/#/c/glusterfs/+/21067/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-17759",
"openTime": "2018-09-06",
"patchDescription": "Red Hat glusterfs server\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3b\u8981\u4e3a\u5a92\u4f53\u6d41\u3001\u6570\u636e\u5206\u6790\u4ee5\u53ca\u5176\u4ed6\u6570\u636e\u548c\u5e26\u5bbd\u5bc6\u96c6\u578b\u4efb\u52a1\u521b\u5efa\u5927\u578b\u5206\u5e03\u5f0f\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nRed Hat glusterfs\u670d\u52a1\u5668\u4e2d\u7684dict.c\u6587\u4ef6\u7684\u2018dic_unserialize\u2019\u51fd\u6570\u5b58\u5728\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u2018dic_unserialize\u2019\u51fd\u6570\u5bf9\u8d1f\u7684key\u957f\u5ea6\u503c\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u5e8f\u5217\u5316\u8bcd\u5178\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4efb\u610f\u5185\u5b58\u4f4d\u7f6e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Red Hat glusterfs\u670d\u52a1\u5668\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Red Hat GlusterFS"
},
"referenceLink": "https://review.gluster.org/#/c/glusterfs/+/21067/",
"serverity": "\u9ad8",
"submitTime": "2018-09-06",
"title": "Red Hat glusterfs\u670d\u52a1\u5668\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e"
}
FKIE_CVE-2018-10911
Vulnerability from fkie_nvd - Published: 2018-09-04 14:29 - Updated: 2024-11-21 03:42
Severity
Summary
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2607 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2608 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2892 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3242 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3470 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://review.gluster.org/#/c/glusterfs/+/21067/ | Patch, Vendor Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/201904-06 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2607 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2608 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2892 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3242 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3470 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://review.gluster.org/#/c/glusterfs/+/21067/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201904-06 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gluster | glusterfs | * | |
| gluster | glusterfs | * | |
| redhat | virtualization_host | 4.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB3DEA10-0AA0-4A16-8A90-6C59FDF2A702",
"versionEndExcluding": "3.12.14",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A10693-F756-4E39-AE58-521BDD8488AA",
"versionEndExcluding": "4.1.8",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value."
},
{
"lang": "es",
"value": "Se ha detectado un error en la forma en la que la funci\u00f3n dic_unserialize en glusterfs no gestiona los valores de longitud de clave negativos. Un atacante podr\u00eda utilizar este error para leer la memoria de otras ubicaciones en el valor dict almacenado."
}
],
"id": "CVE-2018-10911",
"lastModified": "2024-11-21T03:42:17.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-04T14:29:00.220",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2608"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2892"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3242"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://review.gluster.org/#/c/glusterfs/+/21067/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201904-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://review.gluster.org/#/c/glusterfs/+/21067/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201904-06"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-X86V-J2GH-G3W6
Vulnerability from github – Published: 2022-04-30 00:02 – Updated: 2022-04-30 00:02
VLAI
Details
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2018-10911"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-04T14:29:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.",
"id": "GHSA-x86v-j2gh-g3w6",
"modified": "2022-04-30T00:02:18Z",
"published": "2022-04-30T00:02:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10911"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2608"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2892"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3242"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
},
{
"type": "WEB",
"url": "https://review.gluster.org/#/c/glusterfs/+/21067"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201904-06"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2018-10911
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-10911",
"description": "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.",
"id": "GSD-2018-10911",
"references": [
"https://www.suse.com/security/cve/CVE-2018-10911.html",
"https://access.redhat.com/errata/RHSA-2018:3470",
"https://access.redhat.com/errata/RHSA-2018:3242",
"https://access.redhat.com/errata/RHSA-2018:2892",
"https://access.redhat.com/errata/RHSA-2018:2608",
"https://access.redhat.com/errata/RHSA-2018:2607",
"https://linux.oracle.com/cve/CVE-2018-10911.html",
"https://ubuntu.com/security/CVE-2018-10911"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-10911"
],
"details": "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.",
"id": "GSD-2018-10911",
"modified": "2023-12-13T01:22:41.549656Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "glusterfs:",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://review.gluster.org/#/c/glusterfs/+/21067/",
"refsource": "CONFIRM",
"url": "https://review.gluster.org/#/c/glusterfs/+/21067/"
},
{
"name": "RHSA-2018:2607",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911"
},
{
"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
},
{
"name": "RHSA-2018:2608",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2608"
},
{
"name": "RHSA-2018:3470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"name": "RHSA-2018:2892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2892"
},
{
"name": "RHSA-2018:3242",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3242"
},
{
"name": "GLSA-201904-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-06"
},
{
"name": "openSUSE-SU-2020:0079",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
},
{
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.12.14",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.8",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10911"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://review.gluster.org/#/c/glusterfs/+/21067/",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://review.gluster.org/#/c/glusterfs/+/21067/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911"
},
{
"name": "RHSA-2018:2608",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2608"
},
{
"name": "RHSA-2018:2607",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
},
{
"name": "RHSA-2018:2892",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2892"
},
{
"name": "RHSA-2018:3242",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3242"
},
{
"name": "RHSA-2018:3470",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"name": "GLSA-201904-06",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201904-06"
},
{
"name": "openSUSE-SU-2020:0079",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
},
{
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-04-22T19:06Z",
"publishedDate": "2018-09-04T14:29Z"
}
}
}
OPENSUSE-SU-2020:0079-1
Vulnerability from csaf_opensuse - Published: 2020-01-19 23:11 - Updated: 2020-01-19 23:11Summary
Security update for glusterfs
Severity
Moderate
Notes
Title of the patch: Security update for glusterfs
Description of the patch: This update for glusterfs fixes the following issues:
glusterfs was update to release 3.12.15:
* Fixed a number of bugs and security issues:
- CVE-2018-1088, CVE-2018-1112 [boo#1090084],
CVE-2018-10904 [boo#1107018], CVE-2018-10907 [boo#1107019],
CVE-2018-10911 [boo#1107020], CVE-2018-10913 [boo#1107021],
CVE-2018-10914 [boo#1107022], CVE-2018-10923 [boo#1107023],
CVE-2018-10924 [boo#1107024], CVE-2018-10926 [boo#1107025],
CVE-2018-10927 [boo#1107026], CVE-2018-10928 [boo#1107027],
CVE-2018-10928 [boo#1107027], CVE-2018-10929 [boo#1107028],
CVE-2018-10930 [boo#1107029], boo#1105776 .
Patchnames: openSUSE-2020-79
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.6 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
77 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1090084 | self |
| https://bugzilla.suse.com/1105776 | self |
| https://bugzilla.suse.com/1107018 | self |
| https://bugzilla.suse.com/1107019 | self |
| https://bugzilla.suse.com/1107020 | self |
| https://bugzilla.suse.com/1107021 | self |
| https://bugzilla.suse.com/1107022 | self |
| https://bugzilla.suse.com/1107023 | self |
| https://bugzilla.suse.com/1107024 | self |
| https://bugzilla.suse.com/1107025 | self |
| https://bugzilla.suse.com/1107026 | self |
| https://bugzilla.suse.com/1107027 | self |
| https://bugzilla.suse.com/1107028 | self |
| https://bugzilla.suse.com/1107029 | self |
| https://www.suse.com/security/cve/CVE-2018-1088/ | self |
| https://www.suse.com/security/cve/CVE-2018-10904/ | self |
| https://www.suse.com/security/cve/CVE-2018-10907/ | self |
| https://www.suse.com/security/cve/CVE-2018-10911/ | self |
| https://www.suse.com/security/cve/CVE-2018-10913/ | self |
| https://www.suse.com/security/cve/CVE-2018-10914/ | self |
| https://www.suse.com/security/cve/CVE-2018-10923/ | self |
| https://www.suse.com/security/cve/CVE-2018-10924/ | self |
| https://www.suse.com/security/cve/CVE-2018-10926/ | self |
| https://www.suse.com/security/cve/CVE-2018-10927/ | self |
| https://www.suse.com/security/cve/CVE-2018-10928/ | self |
| https://www.suse.com/security/cve/CVE-2018-10929/ | self |
| https://www.suse.com/security/cve/CVE-2018-10930/ | self |
| https://www.suse.com/security/cve/CVE-2018-1112/ | self |
| https://www.suse.com/security/cve/CVE-2018-1088 | external |
| https://bugzilla.suse.com/1090084 | external |
| https://www.suse.com/security/cve/CVE-2018-10904 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107018 | external |
| https://www.suse.com/security/cve/CVE-2018-10907 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107019 | external |
| https://www.suse.com/security/cve/CVE-2018-10911 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107020 | external |
| https://www.suse.com/security/cve/CVE-2018-10913 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107021 | external |
| https://www.suse.com/security/cve/CVE-2018-10914 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107022 | external |
| https://www.suse.com/security/cve/CVE-2018-10923 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107023 | external |
| https://www.suse.com/security/cve/CVE-2018-10924 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107024 | external |
| https://www.suse.com/security/cve/CVE-2018-10926 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107025 | external |
| https://bugzilla.suse.com/1112909 | external |
| https://www.suse.com/security/cve/CVE-2018-10927 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107026 | external |
| https://bugzilla.suse.com/1112909 | external |
| https://www.suse.com/security/cve/CVE-2018-10928 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107027 | external |
| https://bugzilla.suse.com/1112909 | external |
| https://www.suse.com/security/cve/CVE-2018-10929 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107028 | external |
| https://bugzilla.suse.com/1112909 | external |
| https://www.suse.com/security/cve/CVE-2018-10930 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107029 | external |
| https://bugzilla.suse.com/1112909 | external |
| https://www.suse.com/security/cve/CVE-2018-1112 | external |
| https://bugzilla.suse.com/1090084 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for glusterfs",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for glusterfs fixes the following issues:\n\nglusterfs was update to release 3.12.15:\n\n* Fixed a number of bugs and security issues:\n\n- CVE-2018-1088, CVE-2018-1112 [boo#1090084],\n CVE-2018-10904 [boo#1107018], CVE-2018-10907 [boo#1107019],\n CVE-2018-10911 [boo#1107020], CVE-2018-10913 [boo#1107021],\n CVE-2018-10914 [boo#1107022], CVE-2018-10923 [boo#1107023],\n CVE-2018-10924 [boo#1107024], CVE-2018-10926 [boo#1107025],\n CVE-2018-10927 [boo#1107026], CVE-2018-10928 [boo#1107027],\n CVE-2018-10928 [boo#1107027], CVE-2018-10929 [boo#1107028],\n CVE-2018-10930 [boo#1107029], boo#1105776 .\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-79",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0079-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0079-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RYXEJNKIYS5SFNFG2L23KRFS2ESTUJVD/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0079-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RYXEJNKIYS5SFNFG2L23KRFS2ESTUJVD/"
},
{
"category": "self",
"summary": "SUSE Bug 1090084",
"url": "https://bugzilla.suse.com/1090084"
},
{
"category": "self",
"summary": "SUSE Bug 1105776",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "self",
"summary": "SUSE Bug 1107018",
"url": "https://bugzilla.suse.com/1107018"
},
{
"category": "self",
"summary": "SUSE Bug 1107019",
"url": "https://bugzilla.suse.com/1107019"
},
{
"category": "self",
"summary": "SUSE Bug 1107020",
"url": "https://bugzilla.suse.com/1107020"
},
{
"category": "self",
"summary": "SUSE Bug 1107021",
"url": "https://bugzilla.suse.com/1107021"
},
{
"category": "self",
"summary": "SUSE Bug 1107022",
"url": "https://bugzilla.suse.com/1107022"
},
{
"category": "self",
"summary": "SUSE Bug 1107023",
"url": "https://bugzilla.suse.com/1107023"
},
{
"category": "self",
"summary": "SUSE Bug 1107024",
"url": "https://bugzilla.suse.com/1107024"
},
{
"category": "self",
"summary": "SUSE Bug 1107025",
"url": "https://bugzilla.suse.com/1107025"
},
{
"category": "self",
"summary": "SUSE Bug 1107026",
"url": "https://bugzilla.suse.com/1107026"
},
{
"category": "self",
"summary": "SUSE Bug 1107027",
"url": "https://bugzilla.suse.com/1107027"
},
{
"category": "self",
"summary": "SUSE Bug 1107028",
"url": "https://bugzilla.suse.com/1107028"
},
{
"category": "self",
"summary": "SUSE Bug 1107029",
"url": "https://bugzilla.suse.com/1107029"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1088 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10904 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10907 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10911 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10913 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10914 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10923 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10924 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10926 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10927 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10928 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10929 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10930 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1112 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1112/"
}
],
"title": "Security update for glusterfs",
"tracking": {
"current_release_date": "2020-01-19T23:11:30Z",
"generator": {
"date": "2020-01-19T23:11:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0079-1",
"initial_release_date": "2020-01-19T23:11:30Z",
"revision_history": [
{
"date": "2020-01-19T23:11:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "glusterfs-3.12.15-lp151.3.3.1.i586",
"product": {
"name": "glusterfs-3.12.15-lp151.3.3.1.i586",
"product_id": "glusterfs-3.12.15-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"product": {
"name": "glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"product_id": "glusterfs-devel-3.12.15-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libgfapi0-3.12.15-lp151.3.3.1.i586",
"product": {
"name": "libgfapi0-3.12.15-lp151.3.3.1.i586",
"product_id": "libgfapi0-3.12.15-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"product": {
"name": "libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"product_id": "libgfchangelog0-3.12.15-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libgfdb0-3.12.15-lp151.3.3.1.i586",
"product": {
"name": "libgfdb0-3.12.15-lp151.3.3.1.i586",
"product_id": "libgfdb0-3.12.15-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libgfrpc0-3.12.15-lp151.3.3.1.i586",
"product": {
"name": "libgfrpc0-3.12.15-lp151.3.3.1.i586",
"product_id": "libgfrpc0-3.12.15-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libgfxdr0-3.12.15-lp151.3.3.1.i586",
"product": {
"name": "libgfxdr0-3.12.15-lp151.3.3.1.i586",
"product_id": "libgfxdr0-3.12.15-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libglusterfs0-3.12.15-lp151.3.3.1.i586",
"product": {
"name": "libglusterfs0-3.12.15-lp151.3.3.1.i586",
"product_id": "libglusterfs0-3.12.15-lp151.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "python-gluster-3.12.15-lp151.3.3.1.i586",
"product": {
"name": "python-gluster-3.12.15-lp151.3.3.1.i586",
"product_id": "python-gluster-3.12.15-lp151.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "glusterfs-3.12.15-lp151.3.3.1.x86_64",
"product": {
"name": "glusterfs-3.12.15-lp151.3.3.1.x86_64",
"product_id": "glusterfs-3.12.15-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"product": {
"name": "glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"product_id": "glusterfs-devel-3.12.15-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"product": {
"name": "libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"product_id": "libgfapi0-3.12.15-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"product": {
"name": "libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"product_id": "libgfchangelog0-3.12.15-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"product": {
"name": "libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"product_id": "libgfdb0-3.12.15-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"product": {
"name": "libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"product_id": "libgfrpc0-3.12.15-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"product": {
"name": "libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"product_id": "libgfxdr0-3.12.15-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"product": {
"name": "libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"product_id": "libglusterfs0-3.12.15-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-gluster-3.12.15-lp151.3.3.1.x86_64",
"product": {
"name": "python-gluster-3.12.15-lp151.3.3.1.x86_64",
"product_id": "python-gluster-3.12.15-lp151.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-3.12.15-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586"
},
"product_reference": "glusterfs-3.12.15-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-3.12.15-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64"
},
"product_reference": "glusterfs-3.12.15-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-3.12.15-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586"
},
"product_reference": "glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-3.12.15-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64"
},
"product_reference": "glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfapi0-3.12.15-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586"
},
"product_reference": "libgfapi0-3.12.15-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfapi0-3.12.15-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64"
},
"product_reference": "libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfchangelog0-3.12.15-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586"
},
"product_reference": "libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfchangelog0-3.12.15-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64"
},
"product_reference": "libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfdb0-3.12.15-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586"
},
"product_reference": "libgfdb0-3.12.15-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfdb0-3.12.15-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64"
},
"product_reference": "libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfrpc0-3.12.15-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586"
},
"product_reference": "libgfrpc0-3.12.15-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfrpc0-3.12.15-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64"
},
"product_reference": "libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfxdr0-3.12.15-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586"
},
"product_reference": "libgfxdr0-3.12.15-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfxdr0-3.12.15-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64"
},
"product_reference": "libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libglusterfs0-3.12.15-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586"
},
"product_reference": "libglusterfs0-3.12.15-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libglusterfs0-3.12.15-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64"
},
"product_reference": "libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gluster-3.12.15-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586"
},
"product_reference": "python-gluster-3.12.15-lp151.3.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gluster-3.12.15-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
},
"product_reference": "python-gluster-3.12.15-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1088"
}
],
"notes": [
{
"category": "general",
"text": "A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1088",
"url": "https://www.suse.com/security/cve/CVE-2018-1088"
},
{
"category": "external",
"summary": "SUSE Bug 1090084 for CVE-2018-1088",
"url": "https://bugzilla.suse.com/1090084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "important"
}
],
"title": "CVE-2018-1088"
},
{
"cve": "CVE-2018-10904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10904"
}
],
"notes": [
{
"category": "general",
"text": "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10904",
"url": "https://www.suse.com/security/cve/CVE-2018-10904"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10904",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107018 for CVE-2018-10904",
"url": "https://bugzilla.suse.com/1107018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "important"
}
],
"title": "CVE-2018-10904"
},
{
"cve": "CVE-2018-10907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10907"
}
],
"notes": [
{
"category": "general",
"text": "It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using \u0027alloca(3)\u0027. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10907",
"url": "https://www.suse.com/security/cve/CVE-2018-10907"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10907",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107019 for CVE-2018-10907",
"url": "https://bugzilla.suse.com/1107019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "important"
}
],
"title": "CVE-2018-10907"
},
{
"cve": "CVE-2018-10911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10911"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10911",
"url": "https://www.suse.com/security/cve/CVE-2018-10911"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10911",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107020 for CVE-2018-10911",
"url": "https://bugzilla.suse.com/1107020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "moderate"
}
],
"title": "CVE-2018-10911"
},
{
"cve": "CVE-2018-10913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10913"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10913",
"url": "https://www.suse.com/security/cve/CVE-2018-10913"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10913",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107021 for CVE-2018-10913",
"url": "https://bugzilla.suse.com/1107021"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "low"
}
],
"title": "CVE-2018-10913"
},
{
"cve": "CVE-2018-10914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10914"
}
],
"notes": [
{
"category": "general",
"text": "It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10914",
"url": "https://www.suse.com/security/cve/CVE-2018-10914"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10914",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107022 for CVE-2018-10914",
"url": "https://bugzilla.suse.com/1107022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "moderate"
}
],
"title": "CVE-2018-10914"
},
{
"cve": "CVE-2018-10923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10923"
}
],
"notes": [
{
"category": "general",
"text": "It was found that the \"mknod\" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10923",
"url": "https://www.suse.com/security/cve/CVE-2018-10923"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10923",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107023 for CVE-2018-10923",
"url": "https://bugzilla.suse.com/1107023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "important"
}
],
"title": "CVE-2018-10923"
},
{
"cve": "CVE-2018-10924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10924"
}
],
"notes": [
{
"category": "general",
"text": "It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10924",
"url": "https://www.suse.com/security/cve/CVE-2018-10924"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10924",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107024 for CVE-2018-10924",
"url": "https://bugzilla.suse.com/1107024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "moderate"
}
],
"title": "CVE-2018-10924"
},
{
"cve": "CVE-2018-10926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10926"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10926",
"url": "https://www.suse.com/security/cve/CVE-2018-10926"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10926",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107025 for CVE-2018-10926",
"url": "https://bugzilla.suse.com/1107025"
},
{
"category": "external",
"summary": "SUSE Bug 1112909 for CVE-2018-10926",
"url": "https://bugzilla.suse.com/1112909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "important"
}
],
"title": "CVE-2018-10926"
},
{
"cve": "CVE-2018-10927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10927"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10927",
"url": "https://www.suse.com/security/cve/CVE-2018-10927"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10927",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107026 for CVE-2018-10927",
"url": "https://bugzilla.suse.com/1107026"
},
{
"category": "external",
"summary": "SUSE Bug 1112909 for CVE-2018-10927",
"url": "https://bugzilla.suse.com/1112909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "important"
}
],
"title": "CVE-2018-10927"
},
{
"cve": "CVE-2018-10928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10928"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10928",
"url": "https://www.suse.com/security/cve/CVE-2018-10928"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10928",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107027 for CVE-2018-10928",
"url": "https://bugzilla.suse.com/1107027"
},
{
"category": "external",
"summary": "SUSE Bug 1112909 for CVE-2018-10928",
"url": "https://bugzilla.suse.com/1112909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "important"
}
],
"title": "CVE-2018-10928"
},
{
"cve": "CVE-2018-10929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10929"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10929",
"url": "https://www.suse.com/security/cve/CVE-2018-10929"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10929",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107028 for CVE-2018-10929",
"url": "https://bugzilla.suse.com/1107028"
},
{
"category": "external",
"summary": "SUSE Bug 1112909 for CVE-2018-10929",
"url": "https://bugzilla.suse.com/1112909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "important"
}
],
"title": "CVE-2018-10929"
},
{
"cve": "CVE-2018-10930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10930"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10930",
"url": "https://www.suse.com/security/cve/CVE-2018-10930"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10930",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107029 for CVE-2018-10930",
"url": "https://bugzilla.suse.com/1107029"
},
{
"category": "external",
"summary": "SUSE Bug 1112909 for CVE-2018-10930",
"url": "https://bugzilla.suse.com/1112909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "moderate"
}
],
"title": "CVE-2018-10930"
},
{
"cve": "CVE-2018-1112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1112"
}
],
"notes": [
{
"category": "general",
"text": "glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using \u0027auth.allow\u0027 option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1112",
"url": "https://www.suse.com/security/cve/CVE-2018-1112"
},
{
"category": "external",
"summary": "SUSE Bug 1090084 for CVE-2018-1112",
"url": "https://bugzilla.suse.com/1090084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:glusterfs-devel-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfapi0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfchangelog0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfdb0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfrpc0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libgfxdr0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:libglusterfs0-3.12.15-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.i586",
"openSUSE Leap 15.1:python-gluster-3.12.15-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-19T23:11:30Z",
"details": "important"
}
],
"title": "CVE-2018-1112"
}
]
}
OPENSUSE-SU-2024:10794-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
glusterfs-9.1-1.3 on GA media
Severity
Moderate
Notes
Title of the patch: glusterfs-9.1-1.3 on GA media
Description of the patch: These are all security issues fixed in the glusterfs-9.1-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10794
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
36 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2018-1088/ | self |
| https://www.suse.com/security/cve/CVE-2018-10904/ | self |
| https://www.suse.com/security/cve/CVE-2018-10911/ | self |
| https://www.suse.com/security/cve/CVE-2018-10914/ | self |
| https://www.suse.com/security/cve/CVE-2018-10924/ | self |
| https://www.suse.com/security/cve/CVE-2018-10927/ | self |
| https://www.suse.com/security/cve/CVE-2018-10928/ | self |
| https://www.suse.com/security/cve/CVE-2018-10930/ | self |
| https://www.suse.com/security/cve/CVE-2018-1088 | external |
| https://bugzilla.suse.com/1090084 | external |
| https://www.suse.com/security/cve/CVE-2018-10904 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107018 | external |
| https://www.suse.com/security/cve/CVE-2018-10911 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107020 | external |
| https://www.suse.com/security/cve/CVE-2018-10914 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107022 | external |
| https://www.suse.com/security/cve/CVE-2018-10924 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107024 | external |
| https://www.suse.com/security/cve/CVE-2018-10927 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107026 | external |
| https://bugzilla.suse.com/1112909 | external |
| https://www.suse.com/security/cve/CVE-2018-10928 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107027 | external |
| https://bugzilla.suse.com/1112909 | external |
| https://www.suse.com/security/cve/CVE-2018-10930 | external |
| https://bugzilla.suse.com/1105776 | external |
| https://bugzilla.suse.com/1107029 | external |
| https://bugzilla.suse.com/1112909 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "glusterfs-9.1-1.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the glusterfs-9.1-1.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10794",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10794-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1088 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10904 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10911 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10914 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10924 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10927 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10928 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10930 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10930/"
}
],
"title": "glusterfs-9.1-1.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10794-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "glusterfs-9.1-1.3.aarch64",
"product": {
"name": "glusterfs-9.1-1.3.aarch64",
"product_id": "glusterfs-9.1-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "glusterfs-devel-9.1-1.3.aarch64",
"product": {
"name": "glusterfs-devel-9.1-1.3.aarch64",
"product_id": "glusterfs-devel-9.1-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "libgfapi0-9.1-1.3.aarch64",
"product": {
"name": "libgfapi0-9.1-1.3.aarch64",
"product_id": "libgfapi0-9.1-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "libgfchangelog0-9.1-1.3.aarch64",
"product": {
"name": "libgfchangelog0-9.1-1.3.aarch64",
"product_id": "libgfchangelog0-9.1-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "libgfrpc0-9.1-1.3.aarch64",
"product": {
"name": "libgfrpc0-9.1-1.3.aarch64",
"product_id": "libgfrpc0-9.1-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "libgfxdr0-9.1-1.3.aarch64",
"product": {
"name": "libgfxdr0-9.1-1.3.aarch64",
"product_id": "libgfxdr0-9.1-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "libglusterd0-9.1-1.3.aarch64",
"product": {
"name": "libglusterd0-9.1-1.3.aarch64",
"product_id": "libglusterd0-9.1-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "libglusterfs0-9.1-1.3.aarch64",
"product": {
"name": "libglusterfs0-9.1-1.3.aarch64",
"product_id": "libglusterfs0-9.1-1.3.aarch64"
}
},
{
"category": "product_version",
"name": "python3-gluster-9.1-1.3.aarch64",
"product": {
"name": "python3-gluster-9.1-1.3.aarch64",
"product_id": "python3-gluster-9.1-1.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "glusterfs-9.1-1.3.ppc64le",
"product": {
"name": "glusterfs-9.1-1.3.ppc64le",
"product_id": "glusterfs-9.1-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "glusterfs-devel-9.1-1.3.ppc64le",
"product": {
"name": "glusterfs-devel-9.1-1.3.ppc64le",
"product_id": "glusterfs-devel-9.1-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libgfapi0-9.1-1.3.ppc64le",
"product": {
"name": "libgfapi0-9.1-1.3.ppc64le",
"product_id": "libgfapi0-9.1-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libgfchangelog0-9.1-1.3.ppc64le",
"product": {
"name": "libgfchangelog0-9.1-1.3.ppc64le",
"product_id": "libgfchangelog0-9.1-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libgfrpc0-9.1-1.3.ppc64le",
"product": {
"name": "libgfrpc0-9.1-1.3.ppc64le",
"product_id": "libgfrpc0-9.1-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libgfxdr0-9.1-1.3.ppc64le",
"product": {
"name": "libgfxdr0-9.1-1.3.ppc64le",
"product_id": "libgfxdr0-9.1-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libglusterd0-9.1-1.3.ppc64le",
"product": {
"name": "libglusterd0-9.1-1.3.ppc64le",
"product_id": "libglusterd0-9.1-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libglusterfs0-9.1-1.3.ppc64le",
"product": {
"name": "libglusterfs0-9.1-1.3.ppc64le",
"product_id": "libglusterfs0-9.1-1.3.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-gluster-9.1-1.3.ppc64le",
"product": {
"name": "python3-gluster-9.1-1.3.ppc64le",
"product_id": "python3-gluster-9.1-1.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "glusterfs-9.1-1.3.s390x",
"product": {
"name": "glusterfs-9.1-1.3.s390x",
"product_id": "glusterfs-9.1-1.3.s390x"
}
},
{
"category": "product_version",
"name": "glusterfs-devel-9.1-1.3.s390x",
"product": {
"name": "glusterfs-devel-9.1-1.3.s390x",
"product_id": "glusterfs-devel-9.1-1.3.s390x"
}
},
{
"category": "product_version",
"name": "libgfapi0-9.1-1.3.s390x",
"product": {
"name": "libgfapi0-9.1-1.3.s390x",
"product_id": "libgfapi0-9.1-1.3.s390x"
}
},
{
"category": "product_version",
"name": "libgfchangelog0-9.1-1.3.s390x",
"product": {
"name": "libgfchangelog0-9.1-1.3.s390x",
"product_id": "libgfchangelog0-9.1-1.3.s390x"
}
},
{
"category": "product_version",
"name": "libgfrpc0-9.1-1.3.s390x",
"product": {
"name": "libgfrpc0-9.1-1.3.s390x",
"product_id": "libgfrpc0-9.1-1.3.s390x"
}
},
{
"category": "product_version",
"name": "libgfxdr0-9.1-1.3.s390x",
"product": {
"name": "libgfxdr0-9.1-1.3.s390x",
"product_id": "libgfxdr0-9.1-1.3.s390x"
}
},
{
"category": "product_version",
"name": "libglusterd0-9.1-1.3.s390x",
"product": {
"name": "libglusterd0-9.1-1.3.s390x",
"product_id": "libglusterd0-9.1-1.3.s390x"
}
},
{
"category": "product_version",
"name": "libglusterfs0-9.1-1.3.s390x",
"product": {
"name": "libglusterfs0-9.1-1.3.s390x",
"product_id": "libglusterfs0-9.1-1.3.s390x"
}
},
{
"category": "product_version",
"name": "python3-gluster-9.1-1.3.s390x",
"product": {
"name": "python3-gluster-9.1-1.3.s390x",
"product_id": "python3-gluster-9.1-1.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "glusterfs-9.1-1.3.x86_64",
"product": {
"name": "glusterfs-9.1-1.3.x86_64",
"product_id": "glusterfs-9.1-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "glusterfs-devel-9.1-1.3.x86_64",
"product": {
"name": "glusterfs-devel-9.1-1.3.x86_64",
"product_id": "glusterfs-devel-9.1-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "libgfapi0-9.1-1.3.x86_64",
"product": {
"name": "libgfapi0-9.1-1.3.x86_64",
"product_id": "libgfapi0-9.1-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "libgfchangelog0-9.1-1.3.x86_64",
"product": {
"name": "libgfchangelog0-9.1-1.3.x86_64",
"product_id": "libgfchangelog0-9.1-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "libgfrpc0-9.1-1.3.x86_64",
"product": {
"name": "libgfrpc0-9.1-1.3.x86_64",
"product_id": "libgfrpc0-9.1-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "libgfxdr0-9.1-1.3.x86_64",
"product": {
"name": "libgfxdr0-9.1-1.3.x86_64",
"product_id": "libgfxdr0-9.1-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "libglusterd0-9.1-1.3.x86_64",
"product": {
"name": "libglusterd0-9.1-1.3.x86_64",
"product_id": "libglusterd0-9.1-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "libglusterfs0-9.1-1.3.x86_64",
"product": {
"name": "libglusterfs0-9.1-1.3.x86_64",
"product_id": "libglusterfs0-9.1-1.3.x86_64"
}
},
{
"category": "product_version",
"name": "python3-gluster-9.1-1.3.x86_64",
"product": {
"name": "python3-gluster-9.1-1.3.x86_64",
"product_id": "python3-gluster-9.1-1.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-9.1-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64"
},
"product_reference": "glusterfs-9.1-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-9.1-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le"
},
"product_reference": "glusterfs-9.1-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-9.1-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x"
},
"product_reference": "glusterfs-9.1-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-9.1-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64"
},
"product_reference": "glusterfs-9.1-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-9.1-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64"
},
"product_reference": "glusterfs-devel-9.1-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-9.1-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le"
},
"product_reference": "glusterfs-devel-9.1-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-9.1-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x"
},
"product_reference": "glusterfs-devel-9.1-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-9.1-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64"
},
"product_reference": "glusterfs-devel-9.1-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfapi0-9.1-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64"
},
"product_reference": "libgfapi0-9.1-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfapi0-9.1-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le"
},
"product_reference": "libgfapi0-9.1-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfapi0-9.1-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x"
},
"product_reference": "libgfapi0-9.1-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfapi0-9.1-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64"
},
"product_reference": "libgfapi0-9.1-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfchangelog0-9.1-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64"
},
"product_reference": "libgfchangelog0-9.1-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfchangelog0-9.1-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le"
},
"product_reference": "libgfchangelog0-9.1-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfchangelog0-9.1-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x"
},
"product_reference": "libgfchangelog0-9.1-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfchangelog0-9.1-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64"
},
"product_reference": "libgfchangelog0-9.1-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfrpc0-9.1-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64"
},
"product_reference": "libgfrpc0-9.1-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfrpc0-9.1-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le"
},
"product_reference": "libgfrpc0-9.1-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfrpc0-9.1-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x"
},
"product_reference": "libgfrpc0-9.1-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfrpc0-9.1-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64"
},
"product_reference": "libgfrpc0-9.1-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfxdr0-9.1-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64"
},
"product_reference": "libgfxdr0-9.1-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfxdr0-9.1-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le"
},
"product_reference": "libgfxdr0-9.1-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfxdr0-9.1-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x"
},
"product_reference": "libgfxdr0-9.1-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgfxdr0-9.1-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64"
},
"product_reference": "libgfxdr0-9.1-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libglusterd0-9.1-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64"
},
"product_reference": "libglusterd0-9.1-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libglusterd0-9.1-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le"
},
"product_reference": "libglusterd0-9.1-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libglusterd0-9.1-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x"
},
"product_reference": "libglusterd0-9.1-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libglusterd0-9.1-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64"
},
"product_reference": "libglusterd0-9.1-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libglusterfs0-9.1-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64"
},
"product_reference": "libglusterfs0-9.1-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libglusterfs0-9.1-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le"
},
"product_reference": "libglusterfs0-9.1-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libglusterfs0-9.1-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x"
},
"product_reference": "libglusterfs0-9.1-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libglusterfs0-9.1-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64"
},
"product_reference": "libglusterfs0-9.1-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-gluster-9.1-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64"
},
"product_reference": "python3-gluster-9.1-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-gluster-9.1-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le"
},
"product_reference": "python3-gluster-9.1-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-gluster-9.1-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x"
},
"product_reference": "python3-gluster-9.1-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-gluster-9.1-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
},
"product_reference": "python3-gluster-9.1-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1088"
}
],
"notes": [
{
"category": "general",
"text": "A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1088",
"url": "https://www.suse.com/security/cve/CVE-2018-1088"
},
{
"category": "external",
"summary": "SUSE Bug 1090084 for CVE-2018-1088",
"url": "https://bugzilla.suse.com/1090084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-1088"
},
{
"cve": "CVE-2018-10904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10904"
}
],
"notes": [
{
"category": "general",
"text": "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10904",
"url": "https://www.suse.com/security/cve/CVE-2018-10904"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10904",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107018 for CVE-2018-10904",
"url": "https://bugzilla.suse.com/1107018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-10904"
},
{
"cve": "CVE-2018-10911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10911"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10911",
"url": "https://www.suse.com/security/cve/CVE-2018-10911"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10911",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107020 for CVE-2018-10911",
"url": "https://bugzilla.suse.com/1107020"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10911"
},
{
"cve": "CVE-2018-10914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10914"
}
],
"notes": [
{
"category": "general",
"text": "It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10914",
"url": "https://www.suse.com/security/cve/CVE-2018-10914"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10914",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107022 for CVE-2018-10914",
"url": "https://bugzilla.suse.com/1107022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10914"
},
{
"cve": "CVE-2018-10924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10924"
}
],
"notes": [
{
"category": "general",
"text": "It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10924",
"url": "https://www.suse.com/security/cve/CVE-2018-10924"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10924",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107024 for CVE-2018-10924",
"url": "https://bugzilla.suse.com/1107024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10924"
},
{
"cve": "CVE-2018-10927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10927"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10927",
"url": "https://www.suse.com/security/cve/CVE-2018-10927"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10927",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107026 for CVE-2018-10927",
"url": "https://bugzilla.suse.com/1107026"
},
{
"category": "external",
"summary": "SUSE Bug 1112909 for CVE-2018-10927",
"url": "https://bugzilla.suse.com/1112909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-10927"
},
{
"cve": "CVE-2018-10928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10928"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10928",
"url": "https://www.suse.com/security/cve/CVE-2018-10928"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10928",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107027 for CVE-2018-10928",
"url": "https://bugzilla.suse.com/1107027"
},
{
"category": "external",
"summary": "SUSE Bug 1112909 for CVE-2018-10928",
"url": "https://bugzilla.suse.com/1112909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-10928"
},
{
"cve": "CVE-2018-10930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10930"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10930",
"url": "https://www.suse.com/security/cve/CVE-2018-10930"
},
{
"category": "external",
"summary": "SUSE Bug 1105776 for CVE-2018-10930",
"url": "https://bugzilla.suse.com/1105776"
},
{
"category": "external",
"summary": "SUSE Bug 1107029 for CVE-2018-10930",
"url": "https://bugzilla.suse.com/1107029"
},
{
"category": "external",
"summary": "SUSE Bug 1112909 for CVE-2018-10930",
"url": "https://bugzilla.suse.com/1112909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:glusterfs-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-9.1-1.3.x86_64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.aarch64",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.s390x",
"openSUSE Tumbleweed:glusterfs-devel-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfapi0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfchangelog0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfrpc0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libgfxdr0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterd0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.aarch64",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.s390x",
"openSUSE Tumbleweed:libglusterfs0-9.1-1.3.x86_64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.aarch64",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.ppc64le",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.s390x",
"openSUSE Tumbleweed:python3-gluster-9.1-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10930"
}
]
}
RHSA-2018:2607
Vulnerability from csaf_redhat - Published: 2018-09-04 06:24 - Updated: 2026-04-30 16:10Summary
Red Hat Security Advisory: Red Hat Gluster Storage security, bug fix, and enhancement update
Severity
Important
Notes
Topic: Updated glusterfs packages that fix multiple security issues and bugs, and add various enhancements are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system.
Security Fix(es):
* glusterfs: Unsanitized file names in debug/io-stats translator can allow remote attackers to execute arbitrary code (CVE-2018-10904)
* glusterfs: Stack-based buffer overflow in server-rpc-fops.c allows remote attackers to execute arbitrary code (CVE-2018-10907)
* glusterfs: I/O to arbitrary devices on storage server (CVE-2018-10923)
* glusterfs: Device files can be created in arbitrary locations (CVE-2018-10926)
* glusterfs: File status information leak and denial of service (CVE-2018-10927)
* glusterfs: Improper resolution of symlinks allows for privilege escalation (CVE-2018-10928)
* glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code (CVE-2018-10929)
* glusterfs: Files can be renamed outside volume (CVE-2018-10930)
* glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory (CVE-2018-10911)
* glusterfs: remote denial of service of gluster volumes via posix_get_file_contents function in posix-helpers.c (CVE-2018-10914)
* glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c (CVE-2018-10913)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting these issues.
Additional Changes:
These updated glusterfs packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:
https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/3.4/html/3.4_release_notes/
All users of Red Hat Gluster Storage are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, the attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
6.8 (Medium)
Affected products
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
It was found that glusterfs server is vulnerable to mulitple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.
6.8 (Medium)
Affected products
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in dict.c:dict_unserialize function of glusterfs, dic_unserialize function does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
6.5 (Medium)
Affected products
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
CWE-209 - Generation of Error Message Containing Sensitive InformationAffected products
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.
5.5 (Medium)
Affected products
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.
6.8 (Medium)
Affected products
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
6.8 (Medium)
Affected products
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
6.8 (Medium)
Affected products
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.
6.8 (Medium)
Affected products
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
6.8 (Medium)
Affected products
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
6.8 (Medium)
Affected products
Fixed
45 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
383 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2607 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/site/documentation/en-U… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1118770 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1167789 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1186664 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1215556 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1226874 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1234884 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1260479 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1262230 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1277924 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1282318 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1282731 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1283045 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1286092 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1286820 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1288115 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1293332 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1293349 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1294412 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1299740 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301474 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1319271 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1324531 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1330526 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1333705 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1338693 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1339054 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1339765 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1341190 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1342785 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1345828 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1356454 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1360331 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1361209 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1369312 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1369420 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1375094 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1378371 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1384762 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1384979 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1384983 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388218 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1392905 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1397798 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1401969 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1406363 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1408158 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1408354 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1409102 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1410719 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1413005 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1413959 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1414456 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1419438 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1419807 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1425681 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1426042 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1436673 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1442983 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1444820 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1446046 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1448334 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1449638 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1449867 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1452915 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1459101 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1459895 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1460639 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1460918 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1461695 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1463112 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1463114 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1463592 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1463964 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1464150 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1464350 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1466122 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1466129 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1467536 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1468972 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1470566 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1470599 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1470967 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1472757 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1474012 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1474745 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1475466 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1475475 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1475779 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1475789 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1476827 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1476876 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1477087 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1477250 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1478395 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1479335 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1480041 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1480042 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1480188 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1482376 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1482812 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1483541 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1483730 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1483828 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1484113 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1484446 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1487495 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1488120 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1489876 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1491785 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1492591 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1492782 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1493085 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1495161 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1498391 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1498730 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1499644 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1499784 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1499865 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1500704 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1501013 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1501023 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1501253 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1501345 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1501885 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1502812 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1503167 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1503173 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1503174 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1503244 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1504234 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1505363 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1507361 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1507394 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1508780 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1508999 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1509102 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1509191 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1509810 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1509830 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1509833 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1510725 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1511766 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1511767 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1512496 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1512963 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1515051 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1516249 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1517463 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1517987 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1518260 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1519076 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1519740 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1520767 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1522833 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1523216 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1527309 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1528566 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1528733 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1529072 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1529451 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1530146 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1530325 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1530512 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1530519 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1531041 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1534253 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1534530 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1535281 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1535852 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1537357 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1538366 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1539699 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1540600 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1540664 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1540908 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1540961 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1541122 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1541830 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1541932 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1543068 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1543296 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1544382 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1544451 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1544824 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1544852 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1545277 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1545486 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1545523 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1545570 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1546075 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1546717 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1546941 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1546945 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1546960 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1547012 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1547903 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1548337 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1548829 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1549023 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1550315 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1550474 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1550771 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1550896 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1550918 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1550982 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1550991 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1551186 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1552360 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1552414 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1552425 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1553677 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1554291 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1554905 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1555261 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1556895 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1557297 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1557365 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1557551 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1558433 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1558463 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1558515 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1558517 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1558948 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1558989 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1558990 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1558991 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1558993 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1558994 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1558995 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1559084 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1559452 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1559788 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1559831 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1559884 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1559886 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1560955 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1561733 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1561999 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1562744 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1563692 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1563804 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1565015 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1565119 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1565399 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1565577 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1565962 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1566336 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1567001 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1567100 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1567110 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1567899 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1568297 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1568374 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1568655 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1568896 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1569457 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1569490 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1569951 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1570514 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1570541 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1570582 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1570586 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1571645 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1572043 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1572075 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1572087 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1572570 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1572585 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1575539 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1575555 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1575557 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1575840 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1575877 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1575895 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1577051 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1578647 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1579981 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1580120 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1580344 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1581047 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1581057 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1581184 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1581219 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1581231 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1581553 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1581647 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1582066 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1582119 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1582417 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1583047 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1588408 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1592666 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1593865 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1594658 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1597506 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1597511 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1597654 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1597768 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1598105 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1598356 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1598384 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1599037 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1599362 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1599823 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1599998 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1600057 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1600790 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1601245 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1601298 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1601314 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1601331 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1601642 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1601657 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1607617 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1607618 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1608352 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1609163 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1609724 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1610659 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1611151 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1612098 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1612658 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1612659 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1612660 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1612664 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1613143 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1615338 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1615440 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1615911 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1619416 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1619538 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1620469 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1620765 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1622029 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1622452 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2018-10904 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1601298 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-10904 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-10904 | external |
| https://access.redhat.com/security/cve/CVE-2018-10907 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1601642 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-10907 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-10907 | external |
| https://access.redhat.com/security/cve/CVE-2018-10911 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1601657 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-10911 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-10911 | external |
| https://access.redhat.com/security/cve/CVE-2018-10913 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1607618 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-10913 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-10913 | external |
| https://access.redhat.com/security/cve/CVE-2018-10914 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1607617 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-10914 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-10914 | external |
| https://access.redhat.com/security/cve/CVE-2018-10923 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1610659 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-10923 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-10923 | external |
| https://access.redhat.com/security/cve/CVE-2018-10926 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1613143 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-10926 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-10926 | external |
| https://access.redhat.com/security/cve/CVE-2018-10927 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1612658 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-10927 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-10927 | external |
| https://access.redhat.com/security/cve/CVE-2018-10928 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1612659 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-10928 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-10928 | external |
| https://access.redhat.com/security/cve/CVE-2018-10929 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1612660 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-10929 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-10929 | external |
| https://access.redhat.com/security/cve/CVE-2018-10930 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1612664 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-10930 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-10930 | external |
Acknowledgments
hansmi.ch
Michael Hanselmann
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated glusterfs packages that fix multiple security issues and bugs, and add various enhancements are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system.\n\nSecurity Fix(es):\n\n* glusterfs: Unsanitized file names in debug/io-stats translator can allow remote attackers to execute arbitrary code (CVE-2018-10904)\n\n* glusterfs: Stack-based buffer overflow in server-rpc-fops.c allows remote attackers to execute arbitrary code (CVE-2018-10907)\n\n* glusterfs: I/O to arbitrary devices on storage server (CVE-2018-10923)\n\n* glusterfs: Device files can be created in arbitrary locations (CVE-2018-10926)\n\n* glusterfs: File status information leak and denial of service (CVE-2018-10927)\n\n* glusterfs: Improper resolution of symlinks allows for privilege escalation (CVE-2018-10928)\n\n* glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code (CVE-2018-10929)\n\n* glusterfs: Files can be renamed outside volume (CVE-2018-10930)\n\n* glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory (CVE-2018-10911)\n\n* glusterfs: remote denial of service of gluster volumes via posix_get_file_contents function in posix-helpers.c (CVE-2018-10914)\n\n* glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c (CVE-2018-10913)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting these issues.\n\nAdditional Changes:\n\nThese updated glusterfs packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/3.4/html/3.4_release_notes/\n\nAll users of Red Hat Gluster Storage are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2607",
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/3.4/html/3.4_release_notes/",
"url": "https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/3.4/html/3.4_release_notes/"
},
{
"category": "external",
"summary": "1118770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118770"
},
{
"category": "external",
"summary": "1167789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1167789"
},
{
"category": "external",
"summary": "1186664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186664"
},
{
"category": "external",
"summary": "1215556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1215556"
},
{
"category": "external",
"summary": "1226874",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226874"
},
{
"category": "external",
"summary": "1234884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234884"
},
{
"category": "external",
"summary": "1260479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260479"
},
{
"category": "external",
"summary": "1262230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262230"
},
{
"category": "external",
"summary": "1277924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277924"
},
{
"category": "external",
"summary": "1282318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282318"
},
{
"category": "external",
"summary": "1282731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282731"
},
{
"category": "external",
"summary": "1283045",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283045"
},
{
"category": "external",
"summary": "1286092",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286092"
},
{
"category": "external",
"summary": "1286820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286820"
},
{
"category": "external",
"summary": "1288115",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288115"
},
{
"category": "external",
"summary": "1293332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293332"
},
{
"category": "external",
"summary": "1293349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293349"
},
{
"category": "external",
"summary": "1294412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1294412"
},
{
"category": "external",
"summary": "1299740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1299740"
},
{
"category": "external",
"summary": "1301474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301474"
},
{
"category": "external",
"summary": "1319271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319271"
},
{
"category": "external",
"summary": "1324531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1324531"
},
{
"category": "external",
"summary": "1330526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330526"
},
{
"category": "external",
"summary": "1333705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333705"
},
{
"category": "external",
"summary": "1338693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1338693"
},
{
"category": "external",
"summary": "1339054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339054"
},
{
"category": "external",
"summary": "1339765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339765"
},
{
"category": "external",
"summary": "1341190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341190"
},
{
"category": "external",
"summary": "1342785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1342785"
},
{
"category": "external",
"summary": "1345828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1345828"
},
{
"category": "external",
"summary": "1356454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356454"
},
{
"category": "external",
"summary": "1360331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1360331"
},
{
"category": "external",
"summary": "1361209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1361209"
},
{
"category": "external",
"summary": "1369312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369312"
},
{
"category": "external",
"summary": "1369420",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369420"
},
{
"category": "external",
"summary": "1375094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375094"
},
{
"category": "external",
"summary": "1378371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378371"
},
{
"category": "external",
"summary": "1384762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384762"
},
{
"category": "external",
"summary": "1384979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384979"
},
{
"category": "external",
"summary": "1384983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384983"
},
{
"category": "external",
"summary": "1388218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388218"
},
{
"category": "external",
"summary": "1392905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1392905"
},
{
"category": "external",
"summary": "1397798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397798"
},
{
"category": "external",
"summary": "1401969",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401969"
},
{
"category": "external",
"summary": "1406363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406363"
},
{
"category": "external",
"summary": "1408158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408158"
},
{
"category": "external",
"summary": "1408354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408354"
},
{
"category": "external",
"summary": "1409102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409102"
},
{
"category": "external",
"summary": "1410719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410719"
},
{
"category": "external",
"summary": "1413005",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413005"
},
{
"category": "external",
"summary": "1413959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413959"
},
{
"category": "external",
"summary": "1414456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414456"
},
{
"category": "external",
"summary": "1419438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419438"
},
{
"category": "external",
"summary": "1419807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419807"
},
{
"category": "external",
"summary": "1425681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1425681"
},
{
"category": "external",
"summary": "1426042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1426042"
},
{
"category": "external",
"summary": "1436673",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436673"
},
{
"category": "external",
"summary": "1442983",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1442983"
},
{
"category": "external",
"summary": "1444820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444820"
},
{
"category": "external",
"summary": "1446046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446046"
},
{
"category": "external",
"summary": "1448334",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1448334"
},
{
"category": "external",
"summary": "1449638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449638"
},
{
"category": "external",
"summary": "1449867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449867"
},
{
"category": "external",
"summary": "1452915",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452915"
},
{
"category": "external",
"summary": "1459101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459101"
},
{
"category": "external",
"summary": "1459895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459895"
},
{
"category": "external",
"summary": "1460639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460639"
},
{
"category": "external",
"summary": "1460918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460918"
},
{
"category": "external",
"summary": "1461695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461695"
},
{
"category": "external",
"summary": "1463112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463112"
},
{
"category": "external",
"summary": "1463114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463114"
},
{
"category": "external",
"summary": "1463592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463592"
},
{
"category": "external",
"summary": "1463964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463964"
},
{
"category": "external",
"summary": "1464150",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464150"
},
{
"category": "external",
"summary": "1464350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464350"
},
{
"category": "external",
"summary": "1466122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466122"
},
{
"category": "external",
"summary": "1466129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466129"
},
{
"category": "external",
"summary": "1467536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1467536"
},
{
"category": "external",
"summary": "1468972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468972"
},
{
"category": "external",
"summary": "1470566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470566"
},
{
"category": "external",
"summary": "1470599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470599"
},
{
"category": "external",
"summary": "1470967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470967"
},
{
"category": "external",
"summary": "1472757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472757"
},
{
"category": "external",
"summary": "1474012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474012"
},
{
"category": "external",
"summary": "1474745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474745"
},
{
"category": "external",
"summary": "1475466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475466"
},
{
"category": "external",
"summary": "1475475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475475"
},
{
"category": "external",
"summary": "1475779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475779"
},
{
"category": "external",
"summary": "1475789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475789"
},
{
"category": "external",
"summary": "1476827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1476827"
},
{
"category": "external",
"summary": "1476876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1476876"
},
{
"category": "external",
"summary": "1477087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477087"
},
{
"category": "external",
"summary": "1477250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477250"
},
{
"category": "external",
"summary": "1478395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1478395"
},
{
"category": "external",
"summary": "1479335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479335"
},
{
"category": "external",
"summary": "1480041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480041"
},
{
"category": "external",
"summary": "1480042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480042"
},
{
"category": "external",
"summary": "1480188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480188"
},
{
"category": "external",
"summary": "1482376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482376"
},
{
"category": "external",
"summary": "1482812",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482812"
},
{
"category": "external",
"summary": "1483541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1483541"
},
{
"category": "external",
"summary": "1483730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1483730"
},
{
"category": "external",
"summary": "1483828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1483828"
},
{
"category": "external",
"summary": "1484113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484113"
},
{
"category": "external",
"summary": "1484446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484446"
},
{
"category": "external",
"summary": "1487495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487495"
},
{
"category": "external",
"summary": "1488120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488120"
},
{
"category": "external",
"summary": "1489876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489876"
},
{
"category": "external",
"summary": "1491785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491785"
},
{
"category": "external",
"summary": "1492591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492591"
},
{
"category": "external",
"summary": "1492782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492782"
},
{
"category": "external",
"summary": "1493085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493085"
},
{
"category": "external",
"summary": "1495161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495161"
},
{
"category": "external",
"summary": "1498391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498391"
},
{
"category": "external",
"summary": "1498730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498730"
},
{
"category": "external",
"summary": "1499644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499644"
},
{
"category": "external",
"summary": "1499784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499784"
},
{
"category": "external",
"summary": "1499865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499865"
},
{
"category": "external",
"summary": "1500704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500704"
},
{
"category": "external",
"summary": "1501013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501013"
},
{
"category": "external",
"summary": "1501023",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501023"
},
{
"category": "external",
"summary": "1501253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501253"
},
{
"category": "external",
"summary": "1501345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501345"
},
{
"category": "external",
"summary": "1501885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501885"
},
{
"category": "external",
"summary": "1502812",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502812"
},
{
"category": "external",
"summary": "1503167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503167"
},
{
"category": "external",
"summary": "1503173",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503173"
},
{
"category": "external",
"summary": "1503174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503174"
},
{
"category": "external",
"summary": "1503244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503244"
},
{
"category": "external",
"summary": "1504234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504234"
},
{
"category": "external",
"summary": "1505363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505363"
},
{
"category": "external",
"summary": "1507361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1507361"
},
{
"category": "external",
"summary": "1507394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1507394"
},
{
"category": "external",
"summary": "1508780",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508780"
},
{
"category": "external",
"summary": "1508999",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508999"
},
{
"category": "external",
"summary": "1509102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509102"
},
{
"category": "external",
"summary": "1509191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509191"
},
{
"category": "external",
"summary": "1509810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509810"
},
{
"category": "external",
"summary": "1509830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509830"
},
{
"category": "external",
"summary": "1509833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509833"
},
{
"category": "external",
"summary": "1510725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510725"
},
{
"category": "external",
"summary": "1511766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1511766"
},
{
"category": "external",
"summary": "1511767",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1511767"
},
{
"category": "external",
"summary": "1512496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512496"
},
{
"category": "external",
"summary": "1512963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512963"
},
{
"category": "external",
"summary": "1515051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515051"
},
{
"category": "external",
"summary": "1516249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516249"
},
{
"category": "external",
"summary": "1517463",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517463"
},
{
"category": "external",
"summary": "1517987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517987"
},
{
"category": "external",
"summary": "1518260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518260"
},
{
"category": "external",
"summary": "1519076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519076"
},
{
"category": "external",
"summary": "1519740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519740"
},
{
"category": "external",
"summary": "1520767",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520767"
},
{
"category": "external",
"summary": "1522833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1522833"
},
{
"category": "external",
"summary": "1523216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523216"
},
{
"category": "external",
"summary": "1527309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1527309"
},
{
"category": "external",
"summary": "1528566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528566"
},
{
"category": "external",
"summary": "1528733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528733"
},
{
"category": "external",
"summary": "1529072",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529072"
},
{
"category": "external",
"summary": "1529451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529451"
},
{
"category": "external",
"summary": "1530146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530146"
},
{
"category": "external",
"summary": "1530325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530325"
},
{
"category": "external",
"summary": "1530512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530512"
},
{
"category": "external",
"summary": "1530519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530519"
},
{
"category": "external",
"summary": "1531041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531041"
},
{
"category": "external",
"summary": "1534253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534253"
},
{
"category": "external",
"summary": "1534530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534530"
},
{
"category": "external",
"summary": "1535281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535281"
},
{
"category": "external",
"summary": "1535852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535852"
},
{
"category": "external",
"summary": "1537357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537357"
},
{
"category": "external",
"summary": "1538366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538366"
},
{
"category": "external",
"summary": "1539699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539699"
},
{
"category": "external",
"summary": "1540600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540600"
},
{
"category": "external",
"summary": "1540664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540664"
},
{
"category": "external",
"summary": "1540908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540908"
},
{
"category": "external",
"summary": "1540961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540961"
},
{
"category": "external",
"summary": "1541122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541122"
},
{
"category": "external",
"summary": "1541830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541830"
},
{
"category": "external",
"summary": "1541932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541932"
},
{
"category": "external",
"summary": "1543068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543068"
},
{
"category": "external",
"summary": "1543296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543296"
},
{
"category": "external",
"summary": "1544382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544382"
},
{
"category": "external",
"summary": "1544451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544451"
},
{
"category": "external",
"summary": "1544824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544824"
},
{
"category": "external",
"summary": "1544852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544852"
},
{
"category": "external",
"summary": "1545277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545277"
},
{
"category": "external",
"summary": "1545486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545486"
},
{
"category": "external",
"summary": "1545523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545523"
},
{
"category": "external",
"summary": "1545570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545570"
},
{
"category": "external",
"summary": "1546075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546075"
},
{
"category": "external",
"summary": "1546717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546717"
},
{
"category": "external",
"summary": "1546941",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546941"
},
{
"category": "external",
"summary": "1546945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546945"
},
{
"category": "external",
"summary": "1546960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546960"
},
{
"category": "external",
"summary": "1547012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547012"
},
{
"category": "external",
"summary": "1547903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547903"
},
{
"category": "external",
"summary": "1548337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548337"
},
{
"category": "external",
"summary": "1548829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548829"
},
{
"category": "external",
"summary": "1549023",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549023"
},
{
"category": "external",
"summary": "1550315",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550315"
},
{
"category": "external",
"summary": "1550474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550474"
},
{
"category": "external",
"summary": "1550771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550771"
},
{
"category": "external",
"summary": "1550896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550896"
},
{
"category": "external",
"summary": "1550918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550918"
},
{
"category": "external",
"summary": "1550982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550982"
},
{
"category": "external",
"summary": "1550991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550991"
},
{
"category": "external",
"summary": "1551186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551186"
},
{
"category": "external",
"summary": "1552360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552360"
},
{
"category": "external",
"summary": "1552414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552414"
},
{
"category": "external",
"summary": "1552425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552425"
},
{
"category": "external",
"summary": "1553677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553677"
},
{
"category": "external",
"summary": "1554291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554291"
},
{
"category": "external",
"summary": "1554905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554905"
},
{
"category": "external",
"summary": "1555261",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555261"
},
{
"category": "external",
"summary": "1556895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1556895"
},
{
"category": "external",
"summary": "1557297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557297"
},
{
"category": "external",
"summary": "1557365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557365"
},
{
"category": "external",
"summary": "1557551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557551"
},
{
"category": "external",
"summary": "1558433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558433"
},
{
"category": "external",
"summary": "1558463",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558463"
},
{
"category": "external",
"summary": "1558515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558515"
},
{
"category": "external",
"summary": "1558517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558517"
},
{
"category": "external",
"summary": "1558948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558948"
},
{
"category": "external",
"summary": "1558989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558989"
},
{
"category": "external",
"summary": "1558990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558990"
},
{
"category": "external",
"summary": "1558991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558991"
},
{
"category": "external",
"summary": "1558993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558993"
},
{
"category": "external",
"summary": "1558994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558994"
},
{
"category": "external",
"summary": "1558995",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558995"
},
{
"category": "external",
"summary": "1559084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559084"
},
{
"category": "external",
"summary": "1559452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559452"
},
{
"category": "external",
"summary": "1559788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559788"
},
{
"category": "external",
"summary": "1559831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559831"
},
{
"category": "external",
"summary": "1559884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559884"
},
{
"category": "external",
"summary": "1559886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559886"
},
{
"category": "external",
"summary": "1560955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560955"
},
{
"category": "external",
"summary": "1561733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561733"
},
{
"category": "external",
"summary": "1561999",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561999"
},
{
"category": "external",
"summary": "1562744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562744"
},
{
"category": "external",
"summary": "1563692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563692"
},
{
"category": "external",
"summary": "1563804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563804"
},
{
"category": "external",
"summary": "1565015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565015"
},
{
"category": "external",
"summary": "1565119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565119"
},
{
"category": "external",
"summary": "1565399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565399"
},
{
"category": "external",
"summary": "1565577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565577"
},
{
"category": "external",
"summary": "1565962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565962"
},
{
"category": "external",
"summary": "1566336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566336"
},
{
"category": "external",
"summary": "1567001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567001"
},
{
"category": "external",
"summary": "1567100",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567100"
},
{
"category": "external",
"summary": "1567110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567110"
},
{
"category": "external",
"summary": "1567899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567899"
},
{
"category": "external",
"summary": "1568297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568297"
},
{
"category": "external",
"summary": "1568374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568374"
},
{
"category": "external",
"summary": "1568655",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568655"
},
{
"category": "external",
"summary": "1568896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568896"
},
{
"category": "external",
"summary": "1569457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569457"
},
{
"category": "external",
"summary": "1569490",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569490"
},
{
"category": "external",
"summary": "1569951",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569951"
},
{
"category": "external",
"summary": "1570514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570514"
},
{
"category": "external",
"summary": "1570541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570541"
},
{
"category": "external",
"summary": "1570582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570582"
},
{
"category": "external",
"summary": "1570586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570586"
},
{
"category": "external",
"summary": "1571645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571645"
},
{
"category": "external",
"summary": "1572043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572043"
},
{
"category": "external",
"summary": "1572075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572075"
},
{
"category": "external",
"summary": "1572087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572087"
},
{
"category": "external",
"summary": "1572570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572570"
},
{
"category": "external",
"summary": "1572585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572585"
},
{
"category": "external",
"summary": "1575539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575539"
},
{
"category": "external",
"summary": "1575555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575555"
},
{
"category": "external",
"summary": "1575557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575557"
},
{
"category": "external",
"summary": "1575840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575840"
},
{
"category": "external",
"summary": "1575877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575877"
},
{
"category": "external",
"summary": "1575895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575895"
},
{
"category": "external",
"summary": "1577051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577051"
},
{
"category": "external",
"summary": "1578647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578647"
},
{
"category": "external",
"summary": "1579981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579981"
},
{
"category": "external",
"summary": "1580120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580120"
},
{
"category": "external",
"summary": "1580344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580344"
},
{
"category": "external",
"summary": "1581047",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581047"
},
{
"category": "external",
"summary": "1581057",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581057"
},
{
"category": "external",
"summary": "1581184",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581184"
},
{
"category": "external",
"summary": "1581219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581219"
},
{
"category": "external",
"summary": "1581231",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581231"
},
{
"category": "external",
"summary": "1581553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581553"
},
{
"category": "external",
"summary": "1581647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581647"
},
{
"category": "external",
"summary": "1582066",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582066"
},
{
"category": "external",
"summary": "1582119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582119"
},
{
"category": "external",
"summary": "1582417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582417"
},
{
"category": "external",
"summary": "1583047",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583047"
},
{
"category": "external",
"summary": "1588408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588408"
},
{
"category": "external",
"summary": "1592666",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592666"
},
{
"category": "external",
"summary": "1593865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593865"
},
{
"category": "external",
"summary": "1594658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594658"
},
{
"category": "external",
"summary": "1597506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597506"
},
{
"category": "external",
"summary": "1597511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597511"
},
{
"category": "external",
"summary": "1597654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597654"
},
{
"category": "external",
"summary": "1597768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597768"
},
{
"category": "external",
"summary": "1598105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598105"
},
{
"category": "external",
"summary": "1598356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598356"
},
{
"category": "external",
"summary": "1598384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598384"
},
{
"category": "external",
"summary": "1599037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599037"
},
{
"category": "external",
"summary": "1599362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599362"
},
{
"category": "external",
"summary": "1599823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599823"
},
{
"category": "external",
"summary": "1599998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599998"
},
{
"category": "external",
"summary": "1600057",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600057"
},
{
"category": "external",
"summary": "1600790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600790"
},
{
"category": "external",
"summary": "1601245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601245"
},
{
"category": "external",
"summary": "1601298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601298"
},
{
"category": "external",
"summary": "1601314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601314"
},
{
"category": "external",
"summary": "1601331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601331"
},
{
"category": "external",
"summary": "1601642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601642"
},
{
"category": "external",
"summary": "1601657",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601657"
},
{
"category": "external",
"summary": "1607617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607617"
},
{
"category": "external",
"summary": "1607618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607618"
},
{
"category": "external",
"summary": "1608352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608352"
},
{
"category": "external",
"summary": "1609163",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609163"
},
{
"category": "external",
"summary": "1609724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609724"
},
{
"category": "external",
"summary": "1610659",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610659"
},
{
"category": "external",
"summary": "1611151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1611151"
},
{
"category": "external",
"summary": "1612098",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612098"
},
{
"category": "external",
"summary": "1612658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612658"
},
{
"category": "external",
"summary": "1612659",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612659"
},
{
"category": "external",
"summary": "1612660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612660"
},
{
"category": "external",
"summary": "1612664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612664"
},
{
"category": "external",
"summary": "1613143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1613143"
},
{
"category": "external",
"summary": "1615338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1615338"
},
{
"category": "external",
"summary": "1615440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1615440"
},
{
"category": "external",
"summary": "1615911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1615911"
},
{
"category": "external",
"summary": "1619416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619416"
},
{
"category": "external",
"summary": "1619538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619538"
},
{
"category": "external",
"summary": "1620469",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620469"
},
{
"category": "external",
"summary": "1620765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620765"
},
{
"category": "external",
"summary": "1622029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622029"
},
{
"category": "external",
"summary": "1622452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622452"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2607.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Gluster Storage security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-04-30T16:10:10+00:00",
"generator": {
"date": "2026-04-30T16:10:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2018:2607",
"initial_release_date": "2018-09-04T06:24:50+00:00",
"revision_history": [
{
"date": "2018-09-04T06:24:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-09-04T06:24:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:10:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product": {
"name": "Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:server:el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product": {
"name": "Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3:client:el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product": {
"name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"product": {
"name": "redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"product_id": "redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-server@7.5-11.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-devel@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-libs@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-api@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-debuginfo@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-api-devel@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-fuse@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-server@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-client-xlators@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-gluster@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-rdma@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-cli@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-geo-replication@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-events@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"product": {
"name": "glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"product_id": "glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-ganesha@3.12.2-18.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python2-gluster-0:3.12.2-18.el7.x86_64",
"product": {
"name": "python2-gluster-0:3.12.2-18.el7.x86_64",
"product_id": "python2-gluster-0:3.12.2-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-gluster@3.12.2-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-libs-0:3.12.2-18.el7.x86_64",
"product": {
"name": "glusterfs-libs-0:3.12.2-18.el7.x86_64",
"product_id": "glusterfs-libs-0:3.12.2-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-libs@3.12.2-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-cli-0:3.12.2-18.el7.x86_64",
"product": {
"name": "glusterfs-cli-0:3.12.2-18.el7.x86_64",
"product_id": "glusterfs-cli-0:3.12.2-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-cli@3.12.2-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"product": {
"name": "glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"product_id": "glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-api-devel@3.12.2-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"product": {
"name": "glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"product_id": "glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-fuse@3.12.2-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"product": {
"name": "glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"product_id": "glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-rdma@3.12.2-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-devel-0:3.12.2-18.el7.x86_64",
"product": {
"name": "glusterfs-devel-0:3.12.2-18.el7.x86_64",
"product_id": "glusterfs-devel-0:3.12.2-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-devel@3.12.2-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"product": {
"name": "glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"product_id": "glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-client-xlators@3.12.2-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.12.2-18.el7.x86_64",
"product": {
"name": "glusterfs-0:3.12.2-18.el7.x86_64",
"product_id": "glusterfs-0:3.12.2-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.12.2-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-api-0:3.12.2-18.el7.x86_64",
"product": {
"name": "glusterfs-api-0:3.12.2-18.el7.x86_64",
"product_id": "glusterfs-api-0:3.12.2-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-api@3.12.2-18.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"product": {
"name": "glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"product_id": "glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-debuginfo@3.12.2-18.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-server-0:7.5-11.el7rhgs.src",
"product": {
"name": "redhat-release-server-0:7.5-11.el7rhgs.src",
"product_id": "redhat-release-server-0:7.5-11.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-server@7.5-11.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"product": {
"name": "redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"product_id": "redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-storage-server@3.4.0.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.12.2-18.el7rhgs.src",
"product": {
"name": "glusterfs-0:3.12.2-18.el7rhgs.src",
"product_id": "glusterfs-0:3.12.2-18.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.12.2-18.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.12.2-18.el7.src",
"product": {
"name": "glusterfs-0:3.12.2-18.el7.src",
"product_id": "glusterfs-0:3.12.2-18.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.12.2-18.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"product": {
"name": "redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"product_id": "redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-storage-server@3.4.0.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"product": {
"name": "glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"product_id": "glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-resource-agents@3.12.2-18.el7rhgs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.12.2-18.el7rhgs.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src"
},
"product_reference": "glusterfs-0:3.12.2-18.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-api-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-events-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch"
},
"product_reference": "glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-server-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-gluster-0:3.12.2-18.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64"
},
"product_reference": "python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-server-0:7.5-11.el7rhgs.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src"
},
"product_reference": "redhat-release-server-0:7.5-11.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-server-0:7.5-11.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64"
},
"product_reference": "redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch"
},
"product_reference": "redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-storage-server-0:3.4.0.0-1.el7rhgs.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src"
},
"product_reference": "redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.12.2-18.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src"
},
"product_reference": "glusterfs-0:3.12.2-18.el7.src",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.12.2-18.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-api-0:3.12.2-18.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-api-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-api-devel-0:3.12.2-18.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-cli-0:3.12.2-18.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-cli-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-0:3.12.2-18.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-devel-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-fuse-0:3.12.2-18.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-libs-0:3.12.2-18.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-libs-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-rdma-0:3.12.2-18.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-gluster-0:3.12.2-18.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
"product_id": "7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64"
},
"product_reference": "python2-gluster-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-Agents-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.12.2-18.el7.src as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src"
},
"product_reference": "glusterfs-0:3.12.2-18.el7.src",
"relates_to_product_reference": "7Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.12.2-18.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-api-0:3.12.2-18.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-api-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-api-devel-0:3.12.2-18.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-cli-0:3.12.2-18.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-cli-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-client-xlators-0:3.12.2-18.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-debuginfo-0:3.12.2-18.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-0:3.12.2-18.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-devel-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-fuse-0:3.12.2-18.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-libs-0:3.12.2-18.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-libs-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-rdma-0:3.12.2-18.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64"
},
"product_reference": "glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-gluster-0:3.12.2-18.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
"product_id": "7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
},
"product_reference": "python2-gluster-0:3.12.2-18.el7.x86_64",
"relates_to_product_reference": "7Server-RHSClient"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-10904",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2018-07-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601298"
}
],
"notes": [
{
"category": "description",
"text": "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, the attacker would require sufficient access to modify the extended attributes of files on a gluster volume.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glusterfs: Unsanitized file names in debug/io-stats translator can allow remote attackers to execute arbitrary code",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10904"
},
{
"category": "external",
"summary": "RHBZ#1601298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10904",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10904"
}
],
"release_date": "2018-09-04T05:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-04T06:24:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"category": "workaround",
"details": "To limit exposure of gluster server nodes : \n\n1. gluster server should be on LAN and not reachable from public networks. \n2. Use gluster auth.allow and auth.reject. \n3. Use TLS certificates to authenticate gluster clients.\n\ncaveat: This does not protect from attacks against authenticated gluster clients.",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glusterfs: Unsanitized file names in debug/io-stats translator can allow remote attackers to execute arbitrary code"
},
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-10907",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2018-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601642"
}
],
"notes": [
{
"category": "description",
"text": "It was found that glusterfs server is vulnerable to mulitple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using \u0027alloca(3)\u0027. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glusterfs: Stack-based buffer overflow in server-rpc-fops.c allows remote attackers to execute arbitrary code",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10907"
},
{
"category": "external",
"summary": "RHBZ#1601642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601642"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10907",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10907"
}
],
"release_date": "2018-09-04T05:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-04T06:24:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"category": "workaround",
"details": "To limit exposure of gluster server nodes : \n\n1. gluster server should be on LAN and not reachable from public networks. \n2. Use gluster auth.allow and auth.reject. \n3. Use TLS certificates to authenticate gluster clients.\n\ncaveat: This does not protect from attacks by authenticated gluster clients.",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glusterfs: Stack-based buffer overflow in server-rpc-fops.c allows remote attackers to execute arbitrary code"
},
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-10911",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601657"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in dict.c:dict_unserialize function of glusterfs, dic_unserialize function does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10911"
},
{
"category": "external",
"summary": "RHBZ#1601657",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601657"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10911"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10911"
}
],
"release_date": "2018-09-04T05:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-04T06:24:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory"
},
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-10913",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2018-07-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1607618"
}
],
"notes": [
{
"category": "description",
"text": "An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10913"
},
{
"category": "external",
"summary": "RHBZ#1607618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10913",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10913"
}
],
"release_date": "2018-09-04T05:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-04T06:24:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"category": "workaround",
"details": "SELinux mitigates this issue on Red Hat Gluster Storage 3. SELinux should be in enforcing mode only as permissive mode does not block attacks.",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c"
},
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-10914",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-07-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1607617"
}
],
"notes": [
{
"category": "description",
"text": "It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glusterfs: remote denial of service of gluster volumes via posix_get_file_contents function in posix-helpers.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10914"
},
{
"category": "external",
"summary": "RHBZ#1607617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10914"
}
],
"release_date": "2018-09-04T05:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-04T06:24:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"category": "workaround",
"details": "SELinux mitigates this issue on Red Hat Gluster Storage 3. SELinux should be in enforcing mode only as permissive mode does not block attacks.",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glusterfs: remote denial of service of gluster volumes via posix_get_file_contents function in posix-helpers.c"
},
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-10923",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1610659"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the \"mknod\" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glusterfs: I/O to arbitrary devices on storage server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10923"
},
{
"category": "external",
"summary": "RHBZ#1610659",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610659"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10923",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10923"
}
],
"release_date": "2018-09-04T05:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-04T06:24:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"category": "workaround",
"details": "To limit exposure of gluster server nodes : \n\n1. gluster server should be on LAN and not reachable from public networks. \n2. Use gluster auth.allow and auth.reject. \n3. Use TLS certificates to authenticate gluster clients.\n\ncaveat: This does not protect from attacks by authenticated gluster clients.",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glusterfs: I/O to arbitrary devices on storage server"
},
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-10926",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1613143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glusterfs: Device files can be created in arbitrary locations",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10926"
},
{
"category": "external",
"summary": "RHBZ#1613143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1613143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10926",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10926"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10926",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10926"
}
],
"release_date": "2018-09-04T05:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-04T06:24:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"category": "workaround",
"details": "To limit exposure of gluster server nodes : \n\n1. gluster server should be on LAN and not reachable from public networks. \n2. Use gluster auth.allow and auth.reject. \n3. Use TLS certificates to authenticate gluster clients.\n\ncaveat: This does not protect from attacks by authenticated gluster clients.",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glusterfs: Device files can be created in arbitrary locations"
},
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-10927",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1612658"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glusterfs: File status information leak and denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10927"
},
{
"category": "external",
"summary": "RHBZ#1612658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10927",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10927"
}
],
"release_date": "2018-09-04T05:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-04T06:24:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"category": "workaround",
"details": "To limit exposure of gluster server nodes : \n\n1. gluster server should be on LAN and not reachable from public networks. \n2. Use gluster auth.allow and auth.reject. \n3. Use TLS certificates to authenticate gluster clients.\n\ncaveat: This does not protect from attacks by authenticated gluster clients.",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glusterfs: File status information leak and denial of service"
},
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-10928",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2018-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1612659"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glusterfs: Improper resolution of symlinks allows for privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10928"
},
{
"category": "external",
"summary": "RHBZ#1612659",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612659"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10928",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10928"
}
],
"release_date": "2018-09-04T05:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-04T06:24:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"category": "workaround",
"details": "To limit exposure of gluster server nodes : \n\n1. gluster server should be on LAN and not reachable from public networks. \n2. Use gluster auth.allow and auth.reject. \n3. Use TLS certificates to authenticate gluster clients.\n\ncaveat: This does not protect from attacks by authenticated gluster clients.",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glusterfs: Improper resolution of symlinks allows for privilege escalation"
},
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-10929",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1612660"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10929"
},
{
"category": "external",
"summary": "RHBZ#1612660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612660"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10929",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10929"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10929",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10929"
}
],
"release_date": "2018-09-04T05:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-04T06:24:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"category": "workaround",
"details": "To limit exposure of gluster server nodes : \n\n1. gluster server should be on LAN and not reachable from public networks. \n2. Use gluster auth.allow and auth.reject. \n3. Use TLS certificates to authenticate gluster clients.\n\ncaveat: This does not protect from attacks by authenticated gluster clients.",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code"
},
{
"acknowledgments": [
{
"names": [
"Michael Hanselmann"
],
"organization": "hansmi.ch"
}
],
"cve": "CVE-2018-10930",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1612664"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glusterfs: Files can be renamed outside volume",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10930"
},
{
"category": "external",
"summary": "RHBZ#1612664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612664"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10930",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10930"
}
],
"release_date": "2018-09-04T05:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-04T06:24:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"category": "workaround",
"details": "To limit exposure of gluster server nodes : \n\n1. gluster server should be on LAN and not reachable from public networks. \n2. Use gluster auth.allow and auth.reject. \n3. Use TLS certificates to authenticate gluster clients.\n\ncaveat: This does not protect from attacks by authenticated gluster clients.",
"product_ids": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-18.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-18.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-Server:redhat-release-server-0:7.5-11.el7rhgs.x86_64",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.0.0-1.el7rhgs.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHEV-4-Agents-7:python2-gluster-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.src",
"7Server-RHSClient:glusterfs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-api-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-cli-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-devel-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-fuse-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-libs-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:glusterfs-rdma-0:3.12.2-18.el7.x86_64",
"7Server-RHSClient:python2-gluster-0:3.12.2-18.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glusterfs: Files can be renamed outside volume"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…