Red Hat Product Errata RHSA-2018:3829 - Security Advisory

Issued: 2018-12-17
Updated: 2018-12-17

Synopsis

Moderate: RHGS WA security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

Updated packages are now available for Red Hat Gluster Storage 3.4 Web Administration on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.

Security Fix(es):

  • grafana: authentication bypass knowing only a username of an LDAP or OAuth user (CVE-2018-15727)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

All users of Red Hat Gluster Storage Web Administration are advised to upgrade to these updated packages, which provide numerous bug fixes.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64
  • Red Hat Gluster Storage Web Administration (for RHEL Server) 3.1 x86_64

Fixes

  • BZ - 1599291 - Strange behavior of closing functionality of list of hosts popup window
  • BZ - 1610668 - Multiple popups are created when deleting user
  • BZ - 1611991 - Unmanage information and confirmation popups are created multiple times
  • BZ - 1624088 - CVE-2018-15727 grafana: authentication bypass knowing only a username of an LDAP or OAuth user
  • BZ - 1627651 - Upgrade patternfly version
  • BZ - 1627988 - Tendrl Branding changes
  • BZ - 1629520 - Fix context switcher CSS issue
  • BZ - 1630344 - Sometimes node-agent message socket file "message.sock" is missing
  • BZ - 1641413 - Volume utilization calculation not happening for all volumes when any one volume bricks are down
  • BZ - 1642574 - don't open port 3000/tcp on WA server for grafana
  • BZ - 1650557 - Grafana is not working after WA upgrade to BU2
  • BZ - 1656057 - Utilization alerts are not working
  • BZ - 1656064 - Capacity alerts are not working

CVEs

  • CVE-2018-15727

References

  • https://access.redhat.com/security/updates/classification/#moderate

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Gluster Storage Server for On-premise 3 for RHEL 7

SRPM
tendrl-gluster-integration-1.6.3-13.el7rhgs.src.rpm SHA-256: 2c7f7995bdaa226e84a695ffad46597cdbd885cbe4f9af6c6e0de9379db7d10e
tendrl-node-agent-1.6.3-11.el7rhgs.src.rpm SHA-256: c33ec59572f7e41096e8da92f020d0306f1228f897da664bdb0c7fa78cc52f2b
x86_64
tendrl-gluster-integration-1.6.3-13.el7rhgs.noarch.rpm SHA-256: 6c15cc19a7a0cae27a6f9858c42910a3f3281f6596780ebe1e7ba27083d4e5ad
tendrl-node-agent-1.6.3-11.el7rhgs.noarch.rpm SHA-256: c93111529b9052f40765def615c93acb9f28c1a4a4c1e7851d3f39259cced455

Red Hat Gluster Storage Web Administration (for RHEL Server) 3.1

SRPM
grafana-4.6.4-1.el7rhgs.src.rpm SHA-256: d2fc7636bcebc20dfb81a731996b5ae6f0ee2e5309cb1afa6bdedce0a3925e7b
tendrl-ansible-1.6.3-10.el7rhgs.src.rpm SHA-256: e1b21eeebdc0fb963c65f98dab0e8514d3bd80346efd1e2657fe0b40b4aaeb83
tendrl-api-1.6.3-8.el7rhgs.src.rpm SHA-256: 22b6dd5418cb1d11596ee38987e2a8284ae7e2db7040422f73be2e584e73603d
tendrl-monitoring-integration-1.6.3-16.el7rhgs.src.rpm SHA-256: 31958d287b8f1542714350bae6b29dd801e15f029852c523d7e0d4d498bac74e
tendrl-node-agent-1.6.3-11.el7rhgs.src.rpm SHA-256: c33ec59572f7e41096e8da92f020d0306f1228f897da664bdb0c7fa78cc52f2b
tendrl-ui-1.6.3-14.el7rhgs.src.rpm SHA-256: 2682f245cbf3f0094ea007227cc12b8597132b0e736cf55a049634d1159a2805
x86_64
grafana-4.6.4-1.el7rhgs.x86_64.rpm SHA-256: 867e33e1dfb919348499c177969579b0b653837440b5ecae526b7d0874ff6470
tendrl-ansible-1.6.3-10.el7rhgs.noarch.rpm SHA-256: 6f8d657602aed1ef98dfb0d007b4c0663ef15ec6497bce43e338df141c9c1cba
tendrl-api-1.6.3-8.el7rhgs.noarch.rpm SHA-256: 61653d455107d05dc42577fd486bb88bb476c2f2dfbd45e8a056d5c11ee1d59e
tendrl-api-httpd-1.6.3-8.el7rhgs.noarch.rpm SHA-256: 4bccea431d4f335c159573d0fe375d262976edc90f45a5c7c46cffce7115dd9a
tendrl-grafana-plugins-1.6.3-16.el7rhgs.noarch.rpm SHA-256: b64d8f13d2a166eb64dd35ba97d67c25d1de6ad11e21bfada54be5b71f82103c
tendrl-monitoring-integration-1.6.3-16.el7rhgs.noarch.rpm SHA-256: 3d8d2b7c0bc08f4fbcd69d978d6c3409366fd6296ad29ef20bcc4e50a0c7f0df
tendrl-node-agent-1.6.3-11.el7rhgs.noarch.rpm SHA-256: c93111529b9052f40765def615c93acb9f28c1a4a4c1e7851d3f39259cced455
tendrl-ui-1.6.3-14.el7rhgs.noarch.rpm SHA-256: 47ee72cf567f60a86c366626c356fc9caba8fcf1c68b22c1c9a58c5a98aa3dfa
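
A way to check a host's package inventory against the fixed builds listed above, as an added example that is not part of the Red Hat advisory. The function names and the `--scan` switch are hypothetical, and the comparison uses GNU `sort -V` as an approximation of RPM version ordering (no epoch handling), which is adequate for the version strings in this advisory.

```shell
#!/usr/bin/env bash
# Fixed binary package builds from RHSA-2018:3829 ("name version-release").
FIXED='grafana 4.6.4-1.el7rhgs
tendrl-ansible 1.6.3-10.el7rhgs
tendrl-api 1.6.3-8.el7rhgs
tendrl-api-httpd 1.6.3-8.el7rhgs
tendrl-gluster-integration 1.6.3-13.el7rhgs
tendrl-grafana-plugins 1.6.3-16.el7rhgs
tendrl-monitoring-integration 1.6.3-16.el7rhgs
tendrl-node-agent 1.6.3-11.el7rhgs
tendrl-ui 1.6.3-14.el7rhgs'

# older_than A B: succeeds when A sorts strictly before B under sort -V.
# Assumption: sort -V stands in for rpm's own version comparison.
older_than() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# check_inventory: reads "name version-release" lines on stdin and prints
# one OUTDATED line for every advisory package older than its fixed build.
# Packages not named in the advisory are ignored.
check_inventory() {
  local name have want
  while read -r name have; do
    want=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
    [ -n "$want" ] || continue
    if older_than "$have" "$want"; then
      printf 'OUTDATED %s %s < %s\n' "$name" "$have" "$want"
    fi
  done
}

# Live scan of the local host, only when asked for and rpm is present.
if [ "${1:-}" = "--scan" ] && command -v rpm >/dev/null 2>&1; then
  rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_inventory
fi
```

No output from the scan means every installed package named in the advisory is at or above its fixed build; a host still reporting `grafana` as outdated remains exposed to CVE-2018-15727.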

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
