Explore top 10 tips to secure your open-source projects now. Read More
×
It was found that the fix for CVE-2018-10927, CVE-2018-10928,
CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete.
A remote, authenticated attacker could use one of these flaws to
execute arbitrary code, create arbitrary files, or cause denial of
service on glusterfs server nodes via symlinks to relative paths.
CVE-2018-14652
The Gluster file system is vulnerable to a buffer overflow in the
'features/index' translator via the code handling the
'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote
authenticated attacker could exploit this on a mounted volume to
cause a denial of service.
CVE-2018-14653
The Gluster file system is vulnerable to a heap-based buffer
overflow in the '__server_getspec' function via the 'gf_getspec_req'
RPC message. A remote authenticated attacker could exploit this to
cause a denial of service or other potential unspecified impact.
CVE-2018-14659
Get the latest Linux and open source security news straight to your inbox.