RHSA-2015:1918 - Security Advisory
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
An updated swiftonfile package that fixes one security issue is now
available for Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux 6
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
Red Hat Gluster Storage is a software only scale-out storage solution that
provides flexible and affordable unstructured data storage. It unifies data
storage and infrastructure, increases performance, and improves
availability and manageability to meet enterprise-level storage challenges.
Red Hat Gluster Storage's Unified File and Object Storage is built on
OpenStack's Object Storage (swift).
A flaw was found in the way swiftonfile (gluster-swift) serialized and
stored metadata on disk by using Python's pickle module. A remote,
authenticated user could use this flaw to execute arbitrary code on the
storage node. (CVE-2015-5242)
For more information about CVE-2015-5242, please see
Red Hat would like to thank Bill Owen of IBM for reporting this issue.
All swiftonfile users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
- Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64
- Red Hat Gluster Storage Server for On-premise 3 for RHEL 6 x86_64
- BZ - 1258743 - CVE-2015-5242 swiftonfile: use of insecure Python pickle for metadata serialization and storage
Red Hat Gluster Storage Server for On-premise 3 for RHEL 7
Red Hat Gluster Storage Server for On-premise 3 for RHEL 6