- Issued: 2018-04-30
- Updated: 2018-04-30
RHSA-2018:1269 - Important: glusterfs security update
Synopsis
Important: glusterfs security update
Type/Severity
Security Advisory: Important
Topic
An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 7 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system.
Security Fix(es):
- It was found that the fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in the glusterfs server. An unauthenticated gluster client could mount gluster storage volumes. (CVE-2018-1112)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Virtualization | 4 | x86_64 |
| Red Hat Virtualization Host | 4 | x86_64 |
| Red Hat Gluster Storage Server for On-premise | 3 | x86_64 |
| Red Hat Enterprise Linux Server | 7 | x86_64 |
Updated Packages
- glusterfs-cli-3.8.4-54.8.el7.x86_64.rpm
- glusterfs-server-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-libs-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-3.8.4-54.8.el7.x86_64.rpm
- python-gluster-3.8.4-54.8.el7.noarch.rpm
- python-gluster-3.8.4-54.8.el7rhgs.noarch.rpm
- glusterfs-client-xlators-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-geo-replication-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-client-xlators-3.8.4-54.8.el7.x86_64.rpm
- glusterfs-libs-3.8.4-54.8.el7.x86_64.rpm
- glusterfs-resource-agents-3.8.4-54.8.el7rhgs.noarch.rpm
- glusterfs-events-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-api-3.8.4-54.8.el7.x86_64.rpm
- glusterfs-3.8.4-54.8.el7.src.rpm
- glusterfs-rdma-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-devel-3.8.4-54.8.el7.x86_64.rpm
- glusterfs-rdma-3.8.4-54.8.el7.x86_64.rpm
- glusterfs-devel-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-debuginfo-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-cli-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-ganesha-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-fuse-3.8.4-54.8.el7.x86_64.rpm
- glusterfs-api-devel-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-debuginfo-3.8.4-54.8.el7.x86_64.rpm
- glusterfs-fuse-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-api-devel-3.8.4-54.8.el7.x86_64.rpm
- glusterfs-api-3.8.4-54.8.el7rhgs.x86_64.rpm
- glusterfs-3.8.4-54.8.el7rhgs.src.rpm
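To confirm a host carries the builds listed above, the following added example (not part of the Red Hat advisory) reads `rpm -qa`-style lines and reports glusterfs packages older than 3.8.4-54.8. The function names, the simplified version comparison and the sample lines are constructed for illustration.

```python
import re

# Fixed build shipped by this advisory: (version, release without dist tag).
FIXED = ("3.8.4", "54.8")
# Constructed sample of `rpm -qa` output; not taken from a real host.
SAMPLE = """glusterfs-3.8.4-54.8.el7.x86_64
glusterfs-server-3.8.4-54.6.el7rhgs.x86_64
glusterfs-fuse-3.8.4-54.el7.x86_64
python-gluster-3.8.4-54.8.el7rhgs.noarch
glusterfs-libs-3.12.2-18.el7.x86_64
bash-4.2.46-30.el7.x86_64""".splitlines()

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def below_fixed(lines):
    """Return glusterfs package lines older than the advisory's build."""
    stale = []
    for line in (l.strip() for l in lines):
        try:
            nvr, _arch = line.rsplit(".", 1)
            name, version, release = nvr.rsplit("-", 2)
        except ValueError:
            continue  # blank line or not in name-version-release.arch form
        if not (name == "python-gluster" or name == "glusterfs"
                or name.startswith("glusterfs-")):
            continue
        rel = re.sub(r"\.el\d+.*$", "", release)  # drop .el7 / .el7rhgs
        if (vercmp(version, FIXED[0]) or vercmp(rel, FIXED[1])) < 0:
            stale.append(line)
    return stale

if __name__ == "__main__":
    for pkg in below_fixed(SAMPLE):
        print("older than advisory build:", pkg)
```

A package reported here predates the build shipped by this advisory; on a live system the input would come from `rpm -qa`.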
Fixes
CVEs
References
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/articles/3422521
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.