FEDORA-2018-986f0b7fb0

security update in Fedora 29 for glusterfs

Status: stable 5 months ago

5.1 GA, security fixes for: CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660 CVE-2018-14661

How to install

sudo dnf upgrade --advisory=FEDORA-2018-986f0b7fb0

Comments 8

This update has been submitted for testing by kkeithle.

This update has been pushed to testing.

Works great! LGTM! =)

karma: +1

works for me

karma: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: low
Karma: +3 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 5 months ago, in testing 5 months ago, in stable 5 months ago

Related Bugs 7

#1644578 CVE-2018-14661 glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service [fedora-all]
#1644579 CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service [fedora-all]
#1644580 CVE-2018-14654 glusterfs: "features/index" translator can create arbitrary, empty files [fedora-all]
#1644582 CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion [fedora-all]
#1644583 CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service [fedora-all]
#1644584 CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message [fedora-all]
#1644730 CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all]
