Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2018:1136 - Security Advisory
Issued:
2018-04-18
Updated:
2018-04-18

RHSA-2018:1136 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: glusterfs security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 7 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system.

Security Fix(es):

  • glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled (CVE-2018-1088)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by John Strunk (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Virtualization 4 for RHEL 7 x86_64
  • Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64

Fixes

  • BZ - 1558721 - CVE-2018-1088 glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled

CVEs

  • CVE-2018-1088

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/articles/3414511
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
glusterfs-3.8.4-54.6.el7.src.rpm SHA-256: 08610d69f6416d0a90d3ecc44213cac3056bd5e4f1264b272679d3e1dcd48fc8
x86_64
glusterfs-3.8.4-54.6.el7.x86_64.rpm SHA-256: 479b81493ffe2e608a563a9f4b10096450d5cd9f43b5a530ab03b59efda6e820
glusterfs-api-3.8.4-54.6.el7.x86_64.rpm SHA-256: 303d80896b6c7dfcd133fc3e764db566a2a7e5b3d80f9a528ce131d5451ef232
glusterfs-api-devel-3.8.4-54.6.el7.x86_64.rpm SHA-256: cc9c064972027c40261ff4bc92200817b501fe9058f248b3f58fb136c27fb967
glusterfs-cli-3.8.4-54.6.el7.x86_64.rpm SHA-256: c3b73d08147c4e8725e26ab7744b0382cc96d957b6d5106b4f3f90ff7ac505a7
glusterfs-client-xlators-3.8.4-54.6.el7.x86_64.rpm SHA-256: 9d10b13a15b9999ce9b84c425022f381cfafbc8da3d37ae80934ef61ce17b0a4
glusterfs-debuginfo-3.8.4-54.6.el7.x86_64.rpm SHA-256: 9fb420a45b7f531b967fbae1dd38a5a5b83530ccf46e288a2dd1f26e30dbf337
glusterfs-devel-3.8.4-54.6.el7.x86_64.rpm SHA-256: a5ad4e5cee7cb1b38e8fbb407eb787e0add0ea76c4c6365919265b98a7cf2709
glusterfs-fuse-3.8.4-54.6.el7.x86_64.rpm SHA-256: 3329499163e216662ed8db151cf05416fe14a0dbcdfabe926dbcbc6e2a13e222
glusterfs-libs-3.8.4-54.6.el7.x86_64.rpm SHA-256: fd24fe64b8f64ce24d3b3e1895dd4ce694d02b003db0c168b9b1651875a87ec9
glusterfs-rdma-3.8.4-54.6.el7.x86_64.rpm SHA-256: 058e4c72ff26ce93a20ad0512499603241230de66b45ab503c58467fb1f2020e
python-gluster-3.8.4-54.6.el7.noarch.rpm SHA-256: 0cee37aa7e8be121acd01966a88da89ea5e832653c5f26e598703a6e98e7e68e

Red Hat Virtualization 4 for RHEL 7

SRPM
glusterfs-3.8.4-54.6.el7.src.rpm SHA-256: 08610d69f6416d0a90d3ecc44213cac3056bd5e4f1264b272679d3e1dcd48fc8
x86_64
glusterfs-3.8.4-54.6.el7.x86_64.rpm SHA-256: 479b81493ffe2e608a563a9f4b10096450d5cd9f43b5a530ab03b59efda6e820
glusterfs-api-3.8.4-54.6.el7.x86_64.rpm SHA-256: 303d80896b6c7dfcd133fc3e764db566a2a7e5b3d80f9a528ce131d5451ef232
glusterfs-api-devel-3.8.4-54.6.el7.x86_64.rpm SHA-256: cc9c064972027c40261ff4bc92200817b501fe9058f248b3f58fb136c27fb967
glusterfs-cli-3.8.4-54.6.el7.x86_64.rpm SHA-256: c3b73d08147c4e8725e26ab7744b0382cc96d957b6d5106b4f3f90ff7ac505a7
glusterfs-client-xlators-3.8.4-54.6.el7.x86_64.rpm SHA-256: 9d10b13a15b9999ce9b84c425022f381cfafbc8da3d37ae80934ef61ce17b0a4
glusterfs-debuginfo-3.8.4-54.6.el7.x86_64.rpm SHA-256: 9fb420a45b7f531b967fbae1dd38a5a5b83530ccf46e288a2dd1f26e30dbf337
glusterfs-devel-3.8.4-54.6.el7.x86_64.rpm SHA-256: a5ad4e5cee7cb1b38e8fbb407eb787e0add0ea76c4c6365919265b98a7cf2709
glusterfs-fuse-3.8.4-54.6.el7.x86_64.rpm SHA-256: 3329499163e216662ed8db151cf05416fe14a0dbcdfabe926dbcbc6e2a13e222
glusterfs-libs-3.8.4-54.6.el7.x86_64.rpm SHA-256: fd24fe64b8f64ce24d3b3e1895dd4ce694d02b003db0c168b9b1651875a87ec9
glusterfs-rdma-3.8.4-54.6.el7.x86_64.rpm SHA-256: 058e4c72ff26ce93a20ad0512499603241230de66b45ab503c58467fb1f2020e
python-gluster-3.8.4-54.6.el7.noarch.rpm SHA-256: 0cee37aa7e8be121acd01966a88da89ea5e832653c5f26e598703a6e98e7e68e

Red Hat Gluster Storage Server for On-premise 3 for RHEL 7

SRPM
glusterfs-3.8.4-54.6.el7rhgs.src.rpm SHA-256: e73fddc88ffafff7c8a6e78bec478c833ce47906b6953ccffe9c7579b5697e0b
x86_64
glusterfs-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: 2d5b21c658c66f23b29c72b6193893f61d8a566d60c38c1f39bc17ce77ff9ba1
glusterfs-api-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: 3fe31f2fc76f3553c185734c649c83c4ddafae0c63fd67ab41ec38a563810094
glusterfs-api-devel-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: f9dc0b11e6ed398d94441119a83bf375880241c319dba12e31ff66bab2f2a281
glusterfs-cli-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: 2093dad5c0e59cdd3fad9bc0cdecd3b02df66aaa6db67268eaa92ccf11c3cdbe
glusterfs-client-xlators-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: c2b590b23b22d520039b50be6ea364c9bd122c8e28000d1e9a1b91974c6353ce
glusterfs-debuginfo-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: 440c703814b10b543f9258aaf1cc2fd5c24a4ab989316791d05b5c8cfdc59a33
glusterfs-devel-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: 8bab56e5646a662c25839a78ad3b7685659a09089aa221a8907b20eb651690ae
glusterfs-events-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: 748c92e7cf01652212f8db02cd852fa5c5edf1a1e6bf8c3cbd5955308fe71713
glusterfs-fuse-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: c055be40cfd2c2b850076a2c025dc7e8ddf8b1009604d4a3aeb5a40e0760c9a4
glusterfs-ganesha-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: fe8d6f92a5054d9b6b897f94e9a9563fe52058b4150977092939db4d2619f3ba
glusterfs-geo-replication-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: 6967663d90dfb24536abd153ccba040b514c9f2e1b321d9a13c2c2b7e3e2bacb
glusterfs-libs-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: 4c29ccd1a8488b95f76ed913568ea02c4e67a53760081108caa9a36988f71752
glusterfs-rdma-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: 3e2921b75a355ac066e36eec6ee96ea072335962415cfc70c763237c542acc6b
glusterfs-resource-agents-3.8.4-54.6.el7rhgs.noarch.rpm SHA-256: 8a36774ef908dccde19c1d50dcd8f1dcff1f5c3a68f7e1d384d2f338b987f336
glusterfs-server-3.8.4-54.6.el7rhgs.x86_64.rpm SHA-256: e48d4bc323ab63509aa0f16eafcf6bb3f42aa32e66c95d9138ccea11a9768bc0
python-gluster-3.8.4-54.6.el7rhgs.noarch.rpm SHA-256: 3b0106c192943812fa2d95cdd822ca45ee26dde3b8dd23d6be9e432630d0e55c

Red Hat Virtualization Host 4 for RHEL 7

SRPM
x86_64
glusterfs-debuginfo-3.8.4-54.6.el7.x86_64.rpm SHA-256: 9fb420a45b7f531b967fbae1dd38a5a5b83530ccf46e288a2dd1f26e30dbf337

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility