- Issued: 2017-03-23
- Updated: 2017-03-23
RHSA-2017:0484 - Security Advisory
Synopsis
Moderate: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update is now available for Red Hat Gluster Storage 3.2 on Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat Gluster Storage is a software-only, scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.
The following packages have been upgraded to a later upstream version: glusterfs (3.8.4), redhat-storage-server (3.2.0.3). (BZ#1362373)
Security Fix(es):
- It was found that the glusterfs-server RPM package wrote a file with a predictable name into the world-writable /tmp directory from its %pretrans scriptlet, which runs as root during package installation. A local attacker who could place or modify a file at that name could potentially use this flaw to alter the shell script while glusterfs-server was being installed and so escalate their privileges to root. (CVE-2015-1795)
This issue was discovered by Florian Weimer of Red Hat Product Security.
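The pattern behind CVE-2015-1795, shown as an added shell example that is not the advisory's text and not the glusterfs-server scriptlet itself: a privileged installer stages a helper script at a fixed name in a shared, world-writable directory; an unprivileged user who knows the name plants a symlink there first; root's write then lands wherever the link points. The hardened variant stages the file under a directory created by `mktemp -d`, whose name cannot be guessed and which is created with O_EXCL semantics. The sandbox directory, the file names and the "victim" file below are all constructed for the demonstration, and it runs in a private scratch directory rather than the real /tmp.

```sh
#!/bin/sh
# Added example: models the CVE-2015-1795 pattern in a sandbox. Nothing here is
# taken from the glusterfs-server %pretrans scriptlet; all names are hypothetical.
set -u

SANDBOX=$(mktemp -d)                          # stands in for world-writable /tmp
PREDICTABLE="$SANDBOX/glusterfs-pretrans.sh"  # guessable name the installer uses
VICTIM="$SANDBOX/victim.conf"                 # stands in for a root-only file
trap 'rm -rf "$SANDBOX"' EXIT

reset_victim() { printf 'original\n' > "$VICTIM"; }

# Unprivileged attacker, acting before the package is installed: plant a
# symlink at the predictable name, pointing at a file they cannot write.
attacker_plant_symlink() {
    rm -f "$PREDICTABLE"
    ln -s "$VICTIM" "$PREDICTABLE"
}

# Vulnerable installer (would run as root): "> fixed path" opens the name with
# O_CREAT|O_TRUNC and follows the planted symlink, clobbering $VICTIM.
unsafe_stage() {
    printf '#!/bin/sh\necho helper\n' > "$PREDICTABLE"
}

# Hardened installer: mktemp -d creates a 0700 directory with an unguessable
# name, so nothing can be planted there in advance; umask 077 keeps the helper
# itself private. Prints the staged path.
safe_stage() {
    dir=$(mktemp -d) || return 1
    f="$dir/helper.sh"
    (umask 077 && printf '#!/bin/sh\necho helper\n' > "$f") || return 1
    printf '%s\n' "$f"
}

# Returns 0 when the attack against the fixed-name pattern succeeded, i.e. the
# victim file no longer holds its original content.
demo_unsafe() {
    reset_victim
    attacker_plant_symlink
    unsafe_stage
    [ "$(cat "$VICTIM")" != "original" ]
}

# Returns 0 when the hardened pattern leaves the victim untouched and stages a
# regular file (not a link) that the planted name never influenced.
demo_safe() {
    reset_victim
    attacker_plant_symlink
    f=$(safe_stage) || return 1
    ok=1
    [ -f "$f" ] && [ ! -L "$f" ] && [ "$(cat "$VICTIM")" = "original" ] && ok=0
    rm -rf "$(dirname "$f")"
    return $ok
}

demo_unsafe && echo "fixed name in shared dir: victim clobbered via symlink"
demo_safe   && echo "mktemp -d staging: victim intact, helper staged privately"
```

On a real host the symlink variant is additionally blocked by kernels that honour `fs.protected_symlinks` in the sticky /tmp, but the race variant (an attacker-owned file rewritten between the installer's write and its execution) is not, which is why the fix is an unguessable, privately created path rather than a check on whatever already sits at the fixed name. After applying this update, `rpm -q --scripts glusterfs-server` prints the package's scriptlets, which lets you confirm that the %pretrans script no longer writes to a fixed path under /tmp.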
Bug Fix(es):
- Bricks remain stopped if server quorum is no longer met, or if server quorum is disabled, to ensure that bricks in maintenance are not started incorrectly. (BZ#1340995)
- The metadata cache translator has been updated to improve Red Hat Gluster Storage performance when reading small files. (BZ#1427783)
- The 'gluster volume add-brick' command is no longer allowed when the replica count has increased and any replica bricks are unavailable. (BZ#1404989)
- Split-brain resolution commands work regardless of whether client-side heal or the self-heal daemon are enabled. (BZ#1403840)
Enhancement(s):
- Red Hat Gluster Storage now provides Transport Layer Security support for Samba and NFS-Ganesha. (BZ#1340608, BZ#1371475)
- A new reset-sync-time option enables resetting the sync time attribute to zero when required. (BZ#1205162)
- Tiering demotions are now triggered at most 5 seconds after a hi-watermark breach event. Administrators can use the cluster.tier-query-limit volume parameter to specify the number of records extracted from the heat database during demotion. (BZ#1361759)
- The /var/log/glusterfs/etc-glusterfs-glusterd.vol.log file is now named /var/log/glusterfs/glusterd.log. (BZ#1306120)
- The 'gluster volume attach-tier/detach-tier' commands are considered deprecated in favor of the new commands, 'gluster volume tier VOLNAME attach/detach'. (BZ#1388464)
- The HA_VOL_SERVER parameter in the ganesha-ha.conf file is no longer used by Red Hat Gluster Storage. (BZ#1348954)
- The volfile server role can now be passed to another server when a server is unavailable. (BZ#1351949)
- Ports can now be reused when they stop being used by another service. (BZ#1263090)
- The thread pool limit for the rebalance process is now dynamic, and is determined based on the number of available cores. (BZ#1352805)
- Brick verification at reboot now uses UUID instead of brick path. (BZ#1336267)
- LOGIN_NAME_MAX is now used as the maximum length for the slave user instead of __POSIX_LOGIN_NAME_MAX, allowing for up to 256 characters including the NULL byte. (BZ#1400365)
- The client identifier is now included in the log message to make it easier to determine which client failed to connect. (BZ#1333885)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Gluster Storage Server for On-premise 3 for RHEL 6 x86_64
Fixes
- BZ - 1200927 - CVE-2015-1795 glusterfs: glusterfs-server %pretrans rpm script temporary file issue
- BZ - 1362373 - [RHEL6] Rebase glusterfs at RHGS-3.2.0 release
- BZ - 1375059 - [RHEL-6] Include vdsm and related dependency packages at RHGS 3.2.0 ISO
- BZ - 1382319 - [RHEL6] SELinux prevents FUSE mounting of RDMA transport type volumes
- BZ - 1403587 - [Perf] : pcs cluster resources went into stopped state during Multithreaded perf tests on RHGS layered over RHEL 6
- BZ - 1403919 - [Ganesha] : pcs status is not the same across the ganesha cluster in RHEL 6 environment
- BZ - 1404551 - Lower version of packages subscription-manager, python-rhsm found in RHGS3.2 RHEL6 ISO.
- BZ - 1424944 - [Ganesha] : Unable to bring up a Ganesha HA cluster on RHEL 6.9.
- BZ - 1425748 - [GANESHA] Adding a node to existing ganesha cluster is failing on rhel 6.9
- BZ - 1432972 - /etc/pki/product/69.pem shows version as 6.8 for RHGS3.2.0(6.9)
CVEs
- CVE-2015-1795
References
Red Hat Enterprise Linux Server 6
SRPM
| Package | SHA-256 |
|---|---|
| glusterfs-3.8.4-18.el6.src.rpm | 38d4a4c0193117fc8324ad11f587bde13fe608c1a25e6bc7355c4aa9d5f4d43d |
x86_64
| Package | SHA-256 |
|---|---|
| glusterfs-3.8.4-18.el6.x86_64.rpm | 690e935af0621ce82b503379009f0354075fb36dd399f3fbcbd332218831a55d |
| glusterfs-api-3.8.4-18.el6.x86_64.rpm | d3c41c1eae4180fcd87170f3048a49267b78ce9141ebcdd17ec6d2cd321c38da |
| glusterfs-api-devel-3.8.4-18.el6.x86_64.rpm | ffbae64ad5ccb092baa8e0186d28446a7fc3ed141b2deefc1eb61ac4fde0bd91 |
| glusterfs-cli-3.8.4-18.el6.x86_64.rpm | 8acb5af30a338a8e78cc11a8b8df6029f40761478b7ac81fb7fb7da1da83ece8 |
| glusterfs-client-xlators-3.8.4-18.el6.x86_64.rpm | 22b6bfd977fd96eabf1d9a832a4a9a9729580edadf569a75530328931d1a3e7d |
| glusterfs-debuginfo-3.8.4-18.el6.x86_64.rpm | 40c8b0662ac95b4525f00d459b47e97ee4eb5d77b8e555d414591e5b91b9c268 |
| glusterfs-devel-3.8.4-18.el6.x86_64.rpm | 6f3d5012116ae914954bd92b9c835d367fcf2a353c388d1897bb5981d8494d0d |
| glusterfs-fuse-3.8.4-18.el6.x86_64.rpm | b447adde18ddece588a6f69d3d3da09d743166a50e8eb05ac60cfd70cbcc9665 |
| glusterfs-libs-3.8.4-18.el6.x86_64.rpm | 74532c61570f9bbf1bf7caa1d7e6a381b25a3e9d97aae728fa11267802b26fa7 |
| glusterfs-rdma-3.8.4-18.el6.x86_64.rpm | 102c77d017e7989a92f9c03a0eaff33e2ee5c8306c7095b68eb4fd3148e4760d |
| python-gluster-3.8.4-18.el6.noarch.rpm | fa2637b54e565a17c017a766a824a2c21bed7403624444f4fce58daf7bbea644 |
Red Hat Gluster Storage Server for On-premise 3 for RHEL 6
SRPM
| Package | SHA-256 |
|---|---|
| glusterfs-3.8.4-18.el6rhs.src.rpm | 82307e457302eaa33d5a7748a424113afa360beb449bcdd846a89c53ac0ff8dc |
| redhat-storage-server-3.2.0.3-1.el6rhs.src.rpm | c3cc51765a7fa864961b4fb98c5f49199ed3d10c6c85135a3491516e58e5b271 |
x86_64
| Package | SHA-256 |
|---|---|
| glusterfs-3.8.4-18.el6rhs.x86_64.rpm | 00fa854839fd98d50da79309255973c9b66546893b21656fd4460e2ac02feccb |
| glusterfs-api-3.8.4-18.el6rhs.x86_64.rpm | 0d8cdc350a8a69a9d8c6333f45acba3f01c809d67f0576e7c517a8590c47d5a3 |
| glusterfs-api-devel-3.8.4-18.el6rhs.x86_64.rpm | 42853af0c2e801dcbd433be5133a8451656b695bf5fa67d81c7f2106167513bf |
| glusterfs-cli-3.8.4-18.el6rhs.x86_64.rpm | 8307ef82f22c69ae33559701b5f0ecfb0b50865d40e1e7793f22a6bd1cf34585 |
| glusterfs-client-xlators-3.8.4-18.el6rhs.x86_64.rpm | 299f7402389c7e37fb91e0e8160ecd0312c29821d39be744d7f94de69dab5184 |
| glusterfs-debuginfo-3.8.4-18.el6rhs.x86_64.rpm | b8f103ba7ec08284fc5a2d9523b84b43f5d400ba63476420998a27480e8d7276 |
| glusterfs-devel-3.8.4-18.el6rhs.x86_64.rpm | 256d18c530e7ceca74d6d8c1ba7b409d51bcd86902c2c4327f384cdff3673e61 |
| glusterfs-events-3.8.4-18.el6rhs.x86_64.rpm | 0dcebbfe5ef7eb883b5ac0c35d4107c18f2f7100b2c1e58a60e57b6dedeb434b |
| glusterfs-fuse-3.8.4-18.el6rhs.x86_64.rpm | 552acee4c52808e49cfd252d1a8b9f47525cf08f70950d39afdc931fabead21b |
| glusterfs-ganesha-3.8.4-18.el6rhs.x86_64.rpm | 650417cc33bad2beaf0578260dddba255cb49885aa7bd9110fdf167f70e9e514 |
| glusterfs-geo-replication-3.8.4-18.el6rhs.x86_64.rpm | 4240e26bc1d506a94dba0de2e0e9030d7ad27d688ee80ef2ae445f1079d05af7 |
| glusterfs-libs-3.8.4-18.el6rhs.x86_64.rpm | bf1b5bdcbe10eb64c4ea7a8c640191cbef03f66c613789054355c467bfe2d998 |
| glusterfs-rdma-3.8.4-18.el6rhs.x86_64.rpm | bb2b133ac08a3cd5e6585fd97174736ddb49c19a49e7e35a07fe0cfbc05f9c54 |
| glusterfs-server-3.8.4-18.el6rhs.x86_64.rpm | 26003171bce2dda8a09c31260663f4616103ecd85a1ef857ad3cc31765640636 |
| python-gluster-3.8.4-18.el6rhs.noarch.rpm | de30867b48f6108574b618ce2d319c322476499fe76426cf28779b7b58300adb |
| redhat-storage-server-3.2.0.3-1.el6rhs.noarch.rpm | 4db679aaa877eec8a959040c52655023e9c05dffe1b97a27cfd80c8d22413d7f |
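A check against the package tables above, as an added shell example that is not part of the advisory: it turns table rows whose first cell is an RPM file name and whose second cell is its SHA-256 digest (with or without a `SHA-256: ` prefix) into `<hex>  <name>` lines, then compares the RPMs present in a directory against them and reports OK, MISMATCH or MISSING per package. The sample rows and the two "packages" built inside the block are constructed for the demonstration; their digests are computed from those constructed files and are not the advisory's values. The helper names are mine.

```sh
#!/bin/sh
# Added example: verify downloaded RPMs against the digests in an advisory table.
# Sample table rows and sample "packages" are constructed here; the hashes of
# the constructed files are computed at run time and are not the advisory's.
set -u

# Turn advisory-style table rows on stdin into "<sha256>  <file>" lines.
# Accepts an optional "SHA-256: " prefix in the digest cell; other rows (headers,
# separators, product names) are dropped.
table_to_sums() {
    sed -n 's/^| *\([^ |]*\.rpm\) *| *\(SHA-256: *\)*\([0-9a-f]\{64\}\) *|$/\3  \1/p'
}

# SHA-256 hex digest of one file (sha256sum on RHEL; shasum/openssl elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then shasum -a 256 "$1" | cut -d' ' -f1
    else openssl dgst -sha256 "$1" | sed 's/.* //'
    fi
}

# verify_dir SUMSFILE DIR: check every listed file under DIR. Prints one status
# line per package; returns 0 only if all are present with the expected digest.
verify_dir() {
    sums=$1; dir=$2; rc=0
    while read -r expected name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            printf 'MISSING  %s\n' "$name"; rc=1
        elif [ "$(sha256_of "$dir/$name")" = "$expected" ]; then
            printf 'OK       %s\n' "$name"
        else
            printf 'MISMATCH %s\n' "$name"; rc=1
        fi
    done < "$sums"
    return $rc
}

# Constructed demonstration: two fake packages, a table built from their actual
# digests (one row with the "SHA-256: " prefix, one without), then tampering.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
printf 'fake rpm A\n' > "$WORK/a-1.0-1.el6.x86_64.rpm"
printf 'fake rpm B\n' > "$WORK/b-1.0-1.el6.noarch.rpm"
{
    printf '| Package | SHA-256 |\n|---|---|\n'
    printf '| a-1.0-1.el6.x86_64.rpm | SHA-256: %s |\n' "$(sha256_of "$WORK/a-1.0-1.el6.x86_64.rpm")"
    printf '| b-1.0-1.el6.noarch.rpm | %s |\n' "$(sha256_of "$WORK/b-1.0-1.el6.noarch.rpm")"
} | table_to_sums > "$WORK/expected.sums"

# Clean tree: every package OK, exit status 0.
clean_result() { verify_dir "$WORK/expected.sums" "$WORK" >/dev/null; }

# Append bytes to package B and count the MISMATCH lines verify_dir reports.
tampered_result() {
    printf 'modified\n' >> "$WORK/b-1.0-1.el6.noarch.rpm"
    verify_dir "$WORK/expected.sums" "$WORK" | grep -c '^MISMATCH'
}

verify_dir "$WORK/expected.sums" "$WORK"
```

A digest match only proves that the file you hold is the one the advisory lists; the authoritative check is the package's GPG signature, `rpm -K file.rpm` after the Red Hat release key is imported, and `rpm -q glusterfs-server` confirms that the 3.8.4-18.el6rhs build from this erratum is what is actually installed.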
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
