FEDORA-2018-986f0b7fb0

security update in Fedora 29 for glusterfs

Status: stable 11 months ago

5.1 GA , security fixes for: CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660 CVE-2018-14661

How to install

sudo dnf upgrade --advisory=FEDORA-2018-986f0b7fb0

Comments 8

This update has been submitted for testing by kkeithle.

This update has been pushed to testing.

Works great! LGTM! =)

karma: +1

works for me

karma: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
low
Karma
+3
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 11 months ago
in testing 11 months ago
in stable 11 months ago

Related Bugs 7

00 #1644578 CVE-2018-14661 glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service [fedora-all]
00 #1644579 CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service [fedora-all]
00 #1644580 CVE-2018-14654 glusterfs: "features/index" translator can create arbitrary, empty files [fedora-all]
00 #1644582 CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion [fedora-all]
00 #1644583 CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service [fedora-all]
00 #1644584 CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message [fedora-all]
00 #1644730 CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all]

Automated Test Results