Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2018:1137 - Security Advisory
Issued:
2018-04-18
Updated:
2018-04-18

RHSA-2018:1137 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: glusterfs security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 6 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system.

Security Fix(es):

  • glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled (CVE-2018-1088)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by John Strunk (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Gluster Storage Server for On-premise 3 for RHEL 6 x86_64

Fixes

  • BZ - 1558721 - CVE-2018-1088 glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled

CVEs

  • CVE-2018-1088

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/articles/3414511
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
glusterfs-3.8.4-54.7.el6.src.rpm SHA-256: 09664675a8a250a8dfe3d032230803b4d1d85ddb519d7f7846c60333b7969e30
x86_64
glusterfs-3.8.4-54.7.el6.x86_64.rpm SHA-256: 75ae400d878fd04d2292f0f0bde1f75e33943d55b7565af761b52499b6b2c899
glusterfs-api-3.8.4-54.7.el6.x86_64.rpm SHA-256: cdda68eb679afffcafe7d16920d3f4b51394d9677274b778b46cbeda42454381
glusterfs-api-devel-3.8.4-54.7.el6.x86_64.rpm SHA-256: a0c7ec264ef1463ebc6a0b38b30ee3d95aeaf66516db16810595d12766412256
glusterfs-cli-3.8.4-54.7.el6.x86_64.rpm SHA-256: 21117da2baa49d921d6a50b4dfb6516baee9b42991a4b20e0d1586396466a666
glusterfs-client-xlators-3.8.4-54.7.el6.x86_64.rpm SHA-256: 6ad2ec3954851bde26efdd6c39a2c895ef9ac0fedfb3e2101430ad618907f0c9
glusterfs-debuginfo-3.8.4-54.7.el6.x86_64.rpm SHA-256: 0f43a3c647ed3c15d107e7560305939fb3738b73e4b5d3a569001bae4cf9ed19
glusterfs-devel-3.8.4-54.7.el6.x86_64.rpm SHA-256: 52525a5a83adb37040aa1631b5316bc52ac10237c5d3c9f6eedad0b8e7d6afff
glusterfs-fuse-3.8.4-54.7.el6.x86_64.rpm SHA-256: a5a725a9647ad4b1b9bca0610eb04dcc3b193a954f7a6375dd0018bf3253b6cd
glusterfs-libs-3.8.4-54.7.el6.x86_64.rpm SHA-256: 09b03f2687cc6d64c6632529024cf7cacfb005ca3cd41db83fd0bec6fd836c3e
glusterfs-rdma-3.8.4-54.7.el6.x86_64.rpm SHA-256: 758ac230bd0276b7e99b6d6034fa05139941f077ea85b9b08648c052704f0d00
python-gluster-3.8.4-54.7.el6.noarch.rpm SHA-256: fb5fe2a2ab4db8ce077a873dd50b59d88c581fecc268156e50e1184b28fa3ac1

Red Hat Gluster Storage Server for On-premise 3 for RHEL 6

SRPM
glusterfs-3.8.4-54.7.el6rhs.src.rpm SHA-256: 51216c8801f0cc176047fe74d330f060a6e3692064471393bd08ca5fb6c4d591
x86_64
glusterfs-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: 0ff6b613bab31487dc36d323f01fff6da7b21b59f665dc037821b147398b2960
glusterfs-api-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: 35dfeed0605f3118f2d56b48413b740e4ea23b8c08d8056815a01d3760c46629
glusterfs-api-devel-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: 44507774fd2ebe76e46e291e3e773ccec5fdabea2f58e0649c54ff207400c1ca
glusterfs-cli-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: cb1b7aad3bcd67f145dadc3aecbac7089835d366a4ff63608d1468062ba7201e
glusterfs-client-xlators-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: bade723727a5f067be26466d7ea18e19db2e3784c6e8cf88f9fff3d4ab7cc35a
glusterfs-debuginfo-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: bd165fc251881d240c974109c78339cd196dfd4c17592c32f31365e57dfad482
glusterfs-devel-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: 57f50626440c5186e6dfbf81145b574c8221d1fe024e3bcddd67d8de13db9bff
glusterfs-events-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: 3df05259933d26a552bcbea0f671a5def091c065b9ba9ebc51d545caeb9b6b99
glusterfs-fuse-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: e1b3696b9330b4de3ed94c4acb2669b5b12d95d9d3c605b991e1f896d45614d7
glusterfs-ganesha-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: f8f11d9d25d7098eead24bbe120cbd493be6c49741fbcc59a2b134cea8542575
glusterfs-geo-replication-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: 6e0c494aa2a45886ccd07d6c0735c15e4213126a1ac3d14074e6a9d338dc9ab7
glusterfs-libs-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: e33055c22013d93f0e77c0c9c50c6479ed8acce091a61d8f50c6ccddffa120ab
glusterfs-rdma-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: c6e3d10299fb45cac0388e0aa40e07a54d3ebc6b51ea54a7febee91146001ce8
glusterfs-server-3.8.4-54.7.el6rhs.x86_64.rpm SHA-256: b9b2629e3dd19da37a980b07e543b92ae186f1bd2ebd3801af5aabba66a3d963
python-gluster-3.8.4-54.7.el6rhs.noarch.rpm SHA-256: 1078603d7cb9bc02196de19db045cd1c42307414ab9ab1441e168eb107ef522d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility