Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2018:3829 - Security Advisory
Issued:
2018-12-17
Updated:
2018-12-17

RHSA-2018:3829 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: RHGS WA security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated packages are now available for Red Hat Gluster Storage 3.4 Web Administration on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.

Security Fix(es):

  • grafana: authentication bypass knowing only a username of an LDAP or OAuth user (CVE-2018-15727)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

All users of Red Hat Gluster Storage Web Administration are advised to upgrade to these updated packages, which provide numerous bug fixes.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64
  • Red Hat Gluster Storage Web Administration (for RHEL Server) 3.1 x86_64

Fixes

  • BZ - 1599291 - Strange behavior of closing functionality of list of hosts popup window
  • BZ - 1610668 - Multiple popups are created when deleting user
  • BZ - 1611991 - Unmanage information and confirmation popups are created multiple times
  • BZ - 1624088 - CVE-2018-15727 grafana: authentication bypass knowing only a username of an LDAP or OAuth user
  • BZ - 1627651 - Upgrade patternfly version
  • BZ - 1627988 - Tendrl Branding changes
  • BZ - 1629520 - Fix context switcher CSS issue
  • BZ - 1630344 - Somtimes node-agent message socket file "message.sock" is missing
  • BZ - 1641413 - Volume utilization calculation not happening for all volumes when any one volume bricks are down
  • BZ - 1642574 - don't open port 3000/tcp on WA server for grafana
  • BZ - 1650557 - Grafana is not working after WA upgrade to BU2
  • BZ - 1656057 - Utilization alerts are not working
  • BZ - 1656064 - Capacity alerts are not working

CVEs

  • CVE-2018-15727

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Gluster Storage Server for On-premise 3 for RHEL 7

SRPM
tendrl-gluster-integration-1.6.3-13.el7rhgs.src.rpm SHA-256: 2c7f7995bdaa226e84a695ffad46597cdbd885cbe4f9af6c6e0de9379db7d10e
tendrl-node-agent-1.6.3-11.el7rhgs.src.rpm SHA-256: c33ec59572f7e41096e8da92f020d0306f1228f897da664bdb0c7fa78cc52f2b
x86_64
tendrl-gluster-integration-1.6.3-13.el7rhgs.noarch.rpm SHA-256: 6c15cc19a7a0cae27a6f9858c42910a3f3281f6596780ebe1e7ba27083d4e5ad
tendrl-node-agent-1.6.3-11.el7rhgs.noarch.rpm SHA-256: c93111529b9052f40765def615c93acb9f28c1a4a4c1e7851d3f39259cced455

Red Hat Gluster Storage Web Administration (for RHEL Server) 3.1

SRPM
grafana-4.6.4-1.el7rhgs.src.rpm SHA-256: d2fc7636bcebc20dfb81a731996b5ae6f0ee2e5309cb1afa6bdedce0a3925e7b
tendrl-ansible-1.6.3-10.el7rhgs.src.rpm SHA-256: e1b21eeebdc0fb963c65f98dab0e8514d3bd80346efd1e2657fe0b40b4aaeb83
tendrl-api-1.6.3-8.el7rhgs.src.rpm SHA-256: 22b6dd5418cb1d11596ee38987e2a8284ae7e2db7040422f73be2e584e73603d
tendrl-monitoring-integration-1.6.3-16.el7rhgs.src.rpm SHA-256: 31958d287b8f1542714350bae6b29dd801e15f029852c523d7e0d4d498bac74e
tendrl-node-agent-1.6.3-11.el7rhgs.src.rpm SHA-256: c33ec59572f7e41096e8da92f020d0306f1228f897da664bdb0c7fa78cc52f2b
tendrl-ui-1.6.3-14.el7rhgs.src.rpm SHA-256: 2682f245cbf3f0094ea007227cc12b8597132b0e736cf55a049634d1159a2805
x86_64
grafana-4.6.4-1.el7rhgs.x86_64.rpm SHA-256: 867e33e1dfb919348499c177969579b0b653837440b5ecae526b7d0874ff6470
tendrl-ansible-1.6.3-10.el7rhgs.noarch.rpm SHA-256: 6f8d657602aed1ef98dfb0d007b4c0663ef15ec6497bce43e338df141c9c1cba
tendrl-api-1.6.3-8.el7rhgs.noarch.rpm SHA-256: 61653d455107d05dc42577fd486bb88bb476c2f2dfbd45e8a056d5c11ee1d59e
tendrl-api-httpd-1.6.3-8.el7rhgs.noarch.rpm SHA-256: 4bccea431d4f335c159573d0fe375d262976edc90f45a5c7c46cffce7115dd9a
tendrl-grafana-plugins-1.6.3-16.el7rhgs.noarch.rpm SHA-256: b64d8f13d2a166eb64dd35ba97d67c25d1de6ad11e21bfada54be5b71f82103c
tendrl-monitoring-integration-1.6.3-16.el7rhgs.noarch.rpm SHA-256: 3d8d2b7c0bc08f4fbcd69d978d6c3409366fd6296ad29ef20bcc4e50a0c7f0df
tendrl-node-agent-1.6.3-11.el7rhgs.noarch.rpm SHA-256: c93111529b9052f40765def615c93acb9f28c1a4a4c1e7851d3f39259cced455
tendrl-ui-1.6.3-14.el7rhgs.noarch.rpm SHA-256: 47ee72cf567f60a86c366626c356fc9caba8fcf1c68b22c1c9a58c5a98aa3dfa

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility