Security update for glusterfs
This update for glusterfs fixes the following issues:
glusterfs was update to release 3.12.15:
* Fixed a number of bugs and security issues:
- CVE-2018-1088, CVE-2018-1112 [boo#1090084],
CVE-2018-10904 [boo#1107018], CVE-2018-10907 [boo#1107019],
CVE-2018-10911 [boo#1107020], CVE-2018-10913 [boo#1107021],
CVE-2018-10914 [boo#1107022], CVE-2018-10923 [boo#1107023],
CVE-2018-10924 [boo#1107024], CVE-2018-10926 [boo#1107025],
CVE-2018-10927 [boo#1107026], CVE-2018-10928 [boo#1107027],
CVE-2018-10928 [boo#1107027], CVE-2018-10929 [boo#1107028],
CVE-2018-10930 [boo#1107029], boo#1105776 .
-
Submitted by
Jan Engelhardt (jengelh)
Fixed bugs
bnc#1107024
VUL-0: CVE-2018-10924: glusterfs: Denial-of-service via fsync(2) in Gluster FUSE client
bnc#1107025
VUL-0: CVE-2018-10926: glusterfs: Device files can be created in arbitrary locations
bnc#1107021
VUL-1: CVE-2018-10913: glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c
bnc#1107018
VUL-0: CVE-2018-10904: glusterfs: Unsanitized file names in debug/io-stats translator can allow remote attackers to execute arbitrary code
bnc#1107023
VUL-0: CVE-2018-10923: glusterfs: I/O to arbitrary devices on storage server
bnc#1105776
VUL-0: glusterfs: various issues
bnc#1107027
VUL-0: CVE-2018-10928: glusterfs: Improper resolution of symlinks allows for privilege escalation
bnc#1107019
VUL-0: CVE-2018-10907: glusterfs: Stack-based buffer overflow in server-rpc-fops.c allows remote attackers to execute arbitrary code
bnc#1090084
VUL-0: CVE-2018-1088, CVE-2018-1112: glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled
bnc#1107028
VUL-0: CVE-2018-10929: glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code
bnc#1107029
VUL-0: CVE-2018-10930: glusterfs: Files can be renamed outside volume
bnc#1107022
VUL-0: CVE-2018-10914: glusterfs: remote denial of service of gluster volumes via posix_get_file_contents function in posix-helpers.c
bnc#1107026
VUL-0: CVE-2018-10927: glusterfs: File status information leak and denial of service
bnc#1107020
VUL-0: CVE-2018-10911: glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory
