Overview

File _patchinfo of Package patchinfo.11791

<patchinfo incident="11791">
  <issue tracker="cve" id="2018-10928"/>
  <issue tracker="cve" id="2018-10914"/>
  <issue tracker="cve" id="2018-10904"/>
  <issue tracker="cve" id="2018-10913"/>
  <issue tracker="cve" id="2018-10929"/>
  <issue tracker="cve" id="2018-10923"/>
  <issue tracker="cve" id="2018-10911"/>
  <issue tracker="cve" id="2018-10926"/>
  <issue tracker="cve" id="2018-10927"/>
  <issue tracker="cve" id="2018-10930"/>
  <issue tracker="cve" id="2018-1088"/>
  <issue tracker="cve" id="2018-10907"/>
  <issue tracker="cve" id="2018-1112"/>
  <issue tracker="cve" id="2018-10924"/>
  <issue tracker="bnc" id="1107024">VUL-0: CVE-2018-10924: glusterfs: Denial-of-service via fsync(2) in Gluster FUSE client</issue>
  <issue tracker="bnc" id="1107025">VUL-0: CVE-2018-10926: glusterfs: Device files can be created in arbitrary locations</issue>
  <issue tracker="bnc" id="1107021">VUL-1: CVE-2018-10913: glusterfs:  Information Exposure in posix_get_file_contents function in posix-helpers.c</issue>
  <issue tracker="bnc" id="1107018">VUL-0: CVE-2018-10904: glusterfs: Unsanitized file names in debug/io-stats translator can allow remote attackers to execute arbitrary code</issue>
  <issue tracker="bnc" id="1107023">VUL-0: CVE-2018-10923: glusterfs: I/O to arbitrary devices on storage server</issue>
  <issue tracker="bnc" id="1105776">VUL-0: glusterfs: various issues</issue>
  <issue tracker="bnc" id="1107027">VUL-0: CVE-2018-10928: glusterfs: Improper resolution of symlinks allows for privilege escalation</issue>
  <issue tracker="bnc" id="1107019">VUL-0: CVE-2018-10907: glusterfs: Stack-based buffer overflow in server-rpc-fops.c allows remote attackers to execute arbitrary code</issue>
  <issue tracker="bnc" id="1090084">VUL-0: CVE-2018-1088, CVE-2018-1112: glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled</issue>
  <issue tracker="bnc" id="1107028">VUL-0: CVE-2018-10929: glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code</issue>
  <issue tracker="bnc" id="1107029">VUL-0: CVE-2018-10930: glusterfs: Files can be renamed outside volume</issue>
  <issue tracker="bnc" id="1107022">VUL-0: CVE-2018-10914: glusterfs: remote denial of service of gluster volumes via posix_get_file_contents function in posix-helpers.c</issue>
  <issue tracker="bnc" id="1107026">VUL-0: CVE-2018-10927: glusterfs: File status information leak and denial of service</issue>
  <issue tracker="bnc" id="1107020">VUL-0: CVE-2018-10911: glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory</issue>
  <packager>jengelh</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for glusterfs</summary>
  <description>This update for glusterfs fixes the following issues:

glusterfs was update to release 3.12.15:

* Fixed a number of bugs and security issues:

- CVE-2018-1088, CVE-2018-1112 [boo#1090084],
  CVE-2018-10904 [boo#1107018], CVE-2018-10907 [boo#1107019],
  CVE-2018-10911 [boo#1107020], CVE-2018-10913 [boo#1107021],
  CVE-2018-10914 [boo#1107022], CVE-2018-10923 [boo#1107023],
  CVE-2018-10924 [boo#1107024], CVE-2018-10926 [boo#1107025],
  CVE-2018-10927 [boo#1107026], CVE-2018-10928 [boo#1107027],
  CVE-2018-10928 [boo#1107027], CVE-2018-10929 [boo#1107028],
  CVE-2018-10930 [boo#1107029], boo#1105776 .
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places