Fedora 26: Heketi Security Advisory - Moderate Command Injection

January 10, 2018
Security update for Heketi on Fedora 26 that resolves a command injection vulnerability and an information disclosure issue.
Security fix for CVE-2017-15103 and CVE-2017-15104

Summary

Heketi provides a RESTful management interface which can be used to manage the life cycle of GlusterFS volumes. With Heketi, cloud services like OpenStack Manila, Kubernetes, and OpenShift can dynamically provision GlusterFS volumes with any of the supported durability types. Heketi will automatically determine the location for bricks across the cluster, making sure to place bricks and their replicas across different failure domains. Heketi also supports any number of GlusterFS clusters, allowing cloud services to provide network file storage without being limited to a single GlusterFS cluster.

[1] Bug #1510147 - CVE-2017-15103 heketi: OS command injection in heketi API
https://bugzilla.redhat.com/show_bug.cgi?id=1510147

[2] Bug #1510149 - CVE-2017-15104 heketi: Information disclosure through world readable file
https://bugzilla.redhat.com/show_bug.cgi?id=1510149

To install this update, run su -c 'dnf upgrade heketi' at the command line.

For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Product: Fedora 26
Version: 5.0.1
Release: 1.fc26
Summary: RESTful based volume management framework for GlusterFS
