Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
98
security advisorymoderatered hatRed Hat Gluster Storage 7: RHSA-2019-3253 Moderate: Samba Bug Fix
An update for samba is now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which . -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: samba security and bug fix update Advisory ID: RHSA-2019:3253-01 Product: Red Hat Gluster Storage Advisory URL: https://access.redhat.com/errata/RHSA-2019:3253 Issue date: 2019-10-30 CVE Names: CVE-2019-10197 ==================================================================== 1. Summary: An update for samba is now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Gluster 3.5 Samba on RHEL-7 - noarch, x86_64 3. Description: Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.9.8). (BZ#1724261) Security Fix(es): * samba: Combination of parameters and permissions can allow the user to escape from the share path definition (CVE-2019-10197) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Increased performance for Samba vfs_glusterfs when usingpthreadpool (BZ#1743595) * The samba packages have been upgraded to upstream version 4.9.8 which provides a number of bug fixes and enhancements over the previous version. (BZ#1724261) Users of Samba with Red Hat Gluster Storage are advised to upgrade to these updated packages. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the smb service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1667895 - [Samba-MacOS] vfs_gluster_fgetxattr error messages while performing file operations in MacOS 1715503 - [samba-selinux] CTDB status unhealthy after upgrade to samba-4.9.8-102 1724243 - [Samba] Accommodate recent get_real_filename implementation changes in GlusterFS 1724261 - [RHEL7] [Rebase] Samba rebuild required with new glusterfs 1743595 - Increased performance for Samba vfs_glusterfs when using pthreadpool 1746225 - CVE-2019-10197 samba: Combination of parameters and permissions can allow user to escape from the share path definition 6. Package List: Red Hat Gluster 3.5 Samba onRHEL-7: Source: samba-4.9.8-109.el7rhgs.src.rpm noarch: samba-common-4.9.8-109.el7rhgs.noarch.rpm samba-pidl-4.9.8-109.el7rhgs.noarch.rpm x86_64: ctdb-4.9.8-109.el7rhgs.x86_64.rpm libsmbclient-4.9.8-109.el7rhgs.x86_64.rpm libsmbclient-devel-4.9.8-109.el7rhgs.x86_64.rpm libwbclient-4.9.8-109.el7rhgs.x86_64.rpm libwbclient-devel-4.9.8-109.el7rhgs.x86_64.rpm samba-4.9.8-109.el7rhgs.x86_64.rpm samba-client-4.9.8-109.el7rhgs.x86_64.rpm samba-client-libs-4.9.8-109.el7rhgs.x86_64.rpm samba-common-libs-4.9.8-109.el7rhgs.x86_64.rpm samba-common-tools-4.9.8-109.el7rhgs.x86_64.rpm samba-dc-4.9.8-109.el7rhgs.x86_64.rpm samba-dc-libs-4.9.8-109.el7rhgs.x86_64.rpm samba-debuginfo-4.9.8-109.el7rhgs.x86_64.rpm samba-devel-4.9.8-109.el7rhgs.x86_64.rpm samba-krb5-printing-4.9.8-109.el7rhgs.x86_64.rpm samba-libs-4.9.8-109.el7rhgs.x86_64.rpm samba-python-4.9.8-109.el7rhgs.x86_64.rpm samba-vfs-glusterfs-4.9.8-109.el7rhgs.x86_64.rpm samba-winbind-4.9.8-109.el7rhgs.x86_64.rpm samba-winbind-clients-4.9.8-109.el7rhgs.x86_64.rpm samba-winbind-krb5-locator-4.9.8-109.el7rhgs.x86_64.rpm samba-winbind-modules-4.9.8-109.el7rhgs.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-10197 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/cve/CVE-2019-10197 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE-----Version: GnuPGv1 iQIVAwUBXbl/19zjgjWX9erEAQj8qQ//YKsff8F7LurR88kJ7SSux9reZOf8CKls 4VF4ZHxRby15tEfXmbQr494RxIDOoaKQ5JwUWCuAneq785hYoWjuh9eBUH3BvaQi VbaMufyROWodTQ9KTo70Ez+jUA0VarcLxrF1z6AbkXJ5V12DVMWqv9w+uvjQ6h7l dny2daGVynw8+Uhh2hMXLTtrK+BxMem9TL7KkOHDwAw5PUST+RzmrphKu2pjTfsC pGTKJStEhR2bt2ZAg4msUnU140GLMfoPwDP7ootiag9SD8PXWZ3QU2P37NTtYA7f E6Bz6Jmp2WzMdNFLEKCe9TSi55PrhLcneq/ZstIrHaF5i2LYHHg2OzOhSP+PVEPU hTbAQP0mD1JGbOykV4MUUnrO4XcXIBlfp4Vtqrcp5SXcw6eo64xgoMnt7z4nMjth 1T4B0mzmS3ai9oyvidQxBFxHCiMrS7V6W0mHfoOG1IEH9ODbmYsdZSM/FSSRevT8 b0Qu31yW5UWYNPkRdyI2FeFJ7UEwz4rNCzU+Mt/rc95OZF54hGqRVc9nXreIYCLl oBcOcA6cklnOty+I/ShexCa6BGQcqfw1bxvld85LfcF9Cq2AbkD3QCP4vzqLpsIG 9eFEUgUN9aAhBVgCXUHGu5EJJh7ifjMwAZBdpghQteKCdNXU2M9GGBHRt6x5JwhO nJNpdoJ1R0M=yjjn -----END PGP SIGNATURE-------RHSA-announce mailing list
Oct 30, 2019
Red Hat
98
security advisorystorage securityimportant updateRed Hat: RHSA-2018-1269-01 Critical: GlusterFS Unauthorized Access Issue
An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 7 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: glusterfs security update Advisory ID: RHSA-2018:1269-01 Product: Red Hat Gluster Storage Advisory URL: https://access.redhat.com/errata/RHSA-2018:1269 Issue date: 2018-04-30 CVE Names: CVE-2018-1112 ==================================================================== 1. Summary: An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 7 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Gluster Storage Server 3.3 on RHEL-7 - noarch, x86_64 Red Hat Storage Native Client for Red Hat Enterprise Linux 7 - noarch, x86_64 3. Description: GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Security Fix(es): * It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster client could mount gluster storage volumes. (CVE-2018-1112) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory,refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1570891 - CVE-2018-1112 glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression) 6. Package List: Red Hat Gluster Storage Server 3.3 on RHEL-7: Source: glusterfs-3.8.4-54.8.el7rhgs.src.rpm noarch: glusterfs-resource-agents-3.8.4-54.8.el7rhgs.noarch.rpm python-gluster-3.8.4-54.8.el7rhgs.noarch.rpm x86_64: glusterfs-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-api-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-api-devel-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-cli-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-client-xlators-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-debuginfo-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-devel-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-events-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-fuse-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-ganesha-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-geo-replication-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-libs-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-rdma-3.8.4-54.8.el7rhgs.x86_64.rpm glusterfs-server-3.8.4-54.8.el7rhgs.x86_64.rpm Red Hat Storage Native Client for Red Hat Enterprise Linux 7: Source: glusterfs-3.8.4-54.8.el7.src.rpm noarch: python-gluster-3.8.4-54.8.el7.noarch.rpm x86_64: glusterfs-3.8.4-54.8.el7.x86_64.rpm glusterfs-api-3.8.4-54.8.el7.x86_64.rpm glusterfs-api-devel-3.8.4-54.8.el7.x86_64.rpm glusterfs-cli-3.8.4-54.8.el7.x86_64.rpm glusterfs-client-xlators-3.8.4-54.8.el7.x86_64.rpm glusterfs-debuginfo-3.8.4-54.8.el7.x86_64.rpm glusterfs-devel-3.8.4-54.8.el7.x86_64.rpm glusterfs-fuse-3.8.4-54.8.el7.x86_64.rpm glusterfs-libs-3.8.4-54.8.el7.x86_64.rpm glusterfs-rdma-3.8.4-54.8.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2018-1112 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3422521 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa5xE6XlSAg2UNWIIRAqdbAJ9Oxi9vblI58F2ybMtlEOJdfsoyJwCfVCCU pRdFLhHdtQaMhzEXT/SXXG8=V28B -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 30, 2018
•Important
Red Hat
98
security advisorystorage securityimportant updateRed Hat: RHSA-2018-1268-01 Important Update for GlusterFS Security Issue
An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 6 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: glusterfs security update Advisory ID: RHSA-2018:1268-01 Product: Red Hat Gluster Storage Advisory URL: https://access.redhat.com/errata/RHSA-2018:1268 Issue date: 2018-04-30 CVE Names: CVE-2018-1112 ==================================================================== 1. Summary: An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 6 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Gluster Storage Server 3.3 on RHEL-6 - noarch, x86_64 Red Hat Storage Native Client for Red Hat Enterprise Linux 6 - noarch, x86_64 3. Description: GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Security Fix(es): * It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster client could mount gluster storage volumes. (CVE-2018-1112) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory,refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1570891 - CVE-2018-1112 glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression) 6. Package List: Red Hat Gluster Storage Server 3.3 on RHEL-6: Source: glusterfs-3.8.4-54.9.el6rhs.src.rpm noarch: python-gluster-3.8.4-54.9.el6rhs.noarch.rpm x86_64: glusterfs-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-api-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-api-devel-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-cli-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-client-xlators-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-debuginfo-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-devel-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-events-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-fuse-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-ganesha-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-geo-replication-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-libs-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-rdma-3.8.4-54.9.el6rhs.x86_64.rpm glusterfs-server-3.8.4-54.9.el6rhs.x86_64.rpm Red Hat Storage Native Client for Red Hat Enterprise Linux 6: Source: glusterfs-3.8.4-54.9.el6.src.rpm noarch: python-gluster-3.8.4-54.9.el6.noarch.rpm x86_64: glusterfs-3.8.4-54.9.el6.x86_64.rpm glusterfs-api-3.8.4-54.9.el6.x86_64.rpm glusterfs-api-devel-3.8.4-54.9.el6.x86_64.rpm glusterfs-cli-3.8.4-54.9.el6.x86_64.rpm glusterfs-client-xlators-3.8.4-54.9.el6.x86_64.rpm glusterfs-debuginfo-3.8.4-54.9.el6.x86_64.rpm glusterfs-devel-3.8.4-54.9.el6.x86_64.rpm glusterfs-fuse-3.8.4-54.9.el6.x86_64.rpm glusterfs-libs-3.8.4-54.9.el6.x86_64.rpm glusterfs-rdma-3.8.4-54.9.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1112 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3422521 8. Contact: The Red Hat security contact is . Morecontact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa5xDCXlSAg2UNWIIRAj/bAJ4qoKnnuwJ3azLYYCa9Z2j2x+RMBgCeL3yr uu2MQ0cE3YRD7cEVyBW4XQc=++fG -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 30, 2018
•Important
Red Hat
98
security advisoryRed Hatprivilege escalationRed Hat: RHSA-2018-1137-01 Important: GlusterFS Escalation Risk
An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 6 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: glusterfs security update Advisory ID: RHSA-2018:1137-01 Product: Red Hat Gluster Storage Advisory URL: https://access.redhat.com/errata/RHSA-2018:1137 Issue date: 2018-04-18 CVE Names: CVE-2018-1088 ==================================================================== 1. Summary: An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 6 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Gluster Storage Server 3.3 on RHEL-6 - noarch, x86_64 Red Hat Storage Native Client for Red Hat Enterprise Linux 6 - noarch, x86_64 3. Description: GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Security Fix(es): * glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled (CVE-2018-1088) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by John Strunk (RedHat). 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1558721 - CVE-2018-1088 glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled 6. Package List: Red Hat Gluster Storage Server 3.3 on RHEL-6: Source: glusterfs-3.8.4-54.7.el6rhs.src.rpm noarch: python-gluster-3.8.4-54.7.el6rhs.noarch.rpm x86_64: glusterfs-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-api-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-api-devel-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-cli-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-client-xlators-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-debuginfo-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-devel-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-events-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-fuse-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-ganesha-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-geo-replication-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-libs-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-rdma-3.8.4-54.7.el6rhs.x86_64.rpm glusterfs-server-3.8.4-54.7.el6rhs.x86_64.rpm Red Hat Storage Native Client for Red Hat Enterprise Linux 6: Source: glusterfs-3.8.4-54.7.el6.src.rpm noarch: python-gluster-3.8.4-54.7.el6.noarch.rpm x86_64: glusterfs-3.8.4-54.7.el6.x86_64.rpm glusterfs-api-3.8.4-54.7.el6.x86_64.rpm glusterfs-api-devel-3.8.4-54.7.el6.x86_64.rpm glusterfs-cli-3.8.4-54.7.el6.x86_64.rpm glusterfs-client-xlators-3.8.4-54.7.el6.x86_64.rpm glusterfs-debuginfo-3.8.4-54.7.el6.x86_64.rpm glusterfs-devel-3.8.4-54.7.el6.x86_64.rpm glusterfs-fuse-3.8.4-54.7.el6.x86_64.rpm glusterfs-libs-3.8.4-54.7.el6.x86_64.rpm glusterfs-rdma-3.8.4-54.7.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2018-1088 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3414511 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa1zRzXlSAg2UNWIIRAt5+AKC3mwd/Kbql309FjTKQutgkGOaWLgCffQML iqU6JrQHk5oIj+vuAH+Ne8c=SMGZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 18, 2018
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!