Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 438
Alerts This Week
Warning Icon 1 438

Debian 8 DLA-1565-1 Critical GlusterFS Security Advisory (DoS Risk)

debian lts
Calendar Grey November 5, 2018
Dist Debian Esm H88
Enhance glusterfs to mitigate critical vulnerabilities leading to Denial of Service and code execution threats in Debian 8.
Multiple security vulnerabilities were discovered in GlusterFS, a clustered file system

Summary

It was found that the fix for CVE-2018-10927, CVE-2018-10928,
CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete.
A remote, authenticated attacker could use one of these flaws to
execute arbitrary code, create arbitrary files, or cause denial of
service on glusterfs server nodes via symlinks to relative paths.

CVE-2018-14652

The Gluster file system is vulnerable to a buffer overflow in the
'features/index' translator via the code handling the
'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote
authenticated attacker could exploit this on a mounted volume to
cause a denial of service.

CVE-2018-14653

The Gluster file system is vulnerable to a heap-based buffer
overflow in the '__server_getspec' function via the 'gf_getspec_req'
RPC message. A remote authenticated attacker could exploit this to
cause a denial of service or other potential unspecified impact.

CVE-2018-14659

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: glusterfs
Version: 3.5.2-2+deb8u5
CVE ID: CVE-2018-14651 CVE-2018-14652 CVE-2018-14653

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.