- Issued:
- 2018-04-30
- Updated:
- 2018-04-30
RHSA-2018:1268 - Security Advisory
Synopsis
Important: glusterfs security update
Type/Severity
Security Advisory: Important
Topic
An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 6 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system.
Security Fix(es):
- It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster client could mount gluster storage volumes. (CVE-2018-1112)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Gluster Storage Server for On-premise 3 for RHEL 6 x86_64
Fixes
- BZ - 1570891 - CVE-2018-1112 glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression)
CVEs
References
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| glusterfs-3.8.4-54.9.el6.src.rpm | SHA-256: 2561f4911ebcaf85cc49a5e4f5ef05c5e3d9ea9851ed12d14f7f25d791e2044a |
| x86_64 | |
| glusterfs-3.8.4-54.9.el6.x86_64.rpm | SHA-256: e2aa62ccf8ce3b9fc81e2ebbd4930ffffe68dcf60530e173324d59197e19ad3c |
| glusterfs-api-3.8.4-54.9.el6.x86_64.rpm | SHA-256: d409538c042ed3c6654479ed872534768101054e8c9e433acd5c8c163c3e3cb0 |
| glusterfs-api-devel-3.8.4-54.9.el6.x86_64.rpm | SHA-256: bf2a069c2efd7878514bfa8078b35098ec9b9b6dd794f13d1f718c6cc490496f |
| glusterfs-cli-3.8.4-54.9.el6.x86_64.rpm | SHA-256: c1e220cc081ccc7bc3e7e75195292e2fcf72be17ffe8f6ffc44e9ce96be51b56 |
| glusterfs-client-xlators-3.8.4-54.9.el6.x86_64.rpm | SHA-256: f90291b5ee653724d0143c47e36b8bdc6825be745b5a0efb21e586f12a0f210a |
| glusterfs-debuginfo-3.8.4-54.9.el6.x86_64.rpm | SHA-256: 206aeeb9c5ed0c79fd20ce8761b50644405b84920cccdb08c7afb27b2977487f |
| glusterfs-devel-3.8.4-54.9.el6.x86_64.rpm | SHA-256: 78404e09d30b3ed76ac023f184799210a1b6e99d66e3ad97eba4edfe1baa760b |
| glusterfs-fuse-3.8.4-54.9.el6.x86_64.rpm | SHA-256: 5bc48a99b37d6d579856972fba71fd8f0ac85df6684b4406e02afba18d2dca44 |
| glusterfs-libs-3.8.4-54.9.el6.x86_64.rpm | SHA-256: a99b571570ebb2b2ddb5ea898005826cdc353877bc0c24f5b8e5a2e2a4bf935c |
| glusterfs-rdma-3.8.4-54.9.el6.x86_64.rpm | SHA-256: 27a9adcc3d316d1a715f3237e5dfedd91c9d7c383f081072621ba660d75819d8 |
| python-gluster-3.8.4-54.9.el6.noarch.rpm | SHA-256: bfde8e8a2aabdeec17ef53bcc47e4843f586ec0cf41305763d633c23804d7bc0 |
Red Hat Gluster Storage Server for On-premise 3 for RHEL 6
| SRPM | |
|---|---|
| glusterfs-3.8.4-54.9.el6rhs.src.rpm | SHA-256: 8f4d340e132f3b70918e1620aea534909dacadd1f53bbfb8dbd04fc9609febb8 |
| x86_64 | |
| glusterfs-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: f903c9873db2e1f368e9ad467f8170189d342284109e0e874ed58d07058cca3f |
| glusterfs-api-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: 0b98fe3d2fe682c87d2a448868fa25e9141ed3401dac8b6fc1f1fd06727bebb3 |
| glusterfs-api-devel-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: 8f69fec0a8609e1c622d3004777b7da995e1c59d33e314ea96c9ad1488545b79 |
| glusterfs-cli-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: af6fce4d8605a75964ac15137dbaf2e7cd653bc74ce14d282b24518ea712fe4a |
| glusterfs-client-xlators-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: c29f529241dfabfcbc83ef43dfd5bc5577b9f533ee594499f499ab8da708c420 |
| glusterfs-debuginfo-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: a3abde9304b138ce416c0c583b31d74f004305f70ee704fbedb9341c3f63e202 |
| glusterfs-devel-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: f7de035c2b1e5a3b097ac2cf9de73aa6d0e03d4bf66f2b6cf74db64c39727e69 |
| glusterfs-events-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: 8e90d8e8bc61fa97f573ed67384ef486fdfe2abbfe24a67c52a44a266ee9e0b4 |
| glusterfs-fuse-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: e6d725d5ac84bb1af107d2c905612ed2009a5a30a2e57c7959a2fe04d5c813cc |
| glusterfs-ganesha-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: 559b13bc6c66accb7355300549b3c135d1e66c580cf8cbe51f169a6dbaeab68b |
| glusterfs-geo-replication-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: b192de816fdf132784179da42cc414a61cbf5f59a94851e9daf0a7f584f58b57 |
| glusterfs-libs-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: 8aa71d77b1ae28eca42f3921173be46374f6928c8c96c461e3aece7f8421ce24 |
| glusterfs-rdma-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: afd9239353f93ef5c3c7f0631202d90d70d0e6a77f807e3a72c0c2ea4e3b8d9f |
| glusterfs-server-3.8.4-54.9.el6rhs.x86_64.rpm | SHA-256: fe77db785330f73193d08054fe30fe08770f08e33beacd6050c16a048c1764d4 |
| python-gluster-3.8.4-54.9.el6rhs.noarch.rpm | SHA-256: 5ff06c05e09c46268e325d7e09da55ef5141fdded78ad6a129934c463f93e326 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.