FEDORA-2018-986f0b7fb0

security update in Fedora 29 for glusterfs

Status: stable 7 months ago

5.1 GA , security fixes for: CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660 CVE-2018-14661

How to install

sudo dnf upgrade --advisory=FEDORA-2018-986f0b7fb0

Comments 8

This update has been submitted for testing by kkeithle.

This update has been pushed to testing.

Works great! LGTM! =)

karma: +1

works for me

karma: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
low
Karma
+3
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 7 months ago
in testing 7 months ago
in stable 7 months ago

Related Bugs 7

00 #1644578 CVE-2018-14661 glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service [fedora-all]
00 #1644579 CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service [fedora-all]
00 #1644580 CVE-2018-14654 glusterfs: "features/index" translator can create arbitrary, empty files [fedora-all]
00 #1644582 CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion [fedora-all]
00 #1644583 CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service [fedora-all]
00 #1644584 CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message [fedora-all]
00 #1644730 CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all]

Automated Test Results