Red Hat Customer Portal

Red Hat Product Errata RHSA-2019:0265 - Security Advisory

Issued: 2019-02-04
Updated: 2019-02-04

Synopsis

Moderate: Red Hat Gluster Storage Web Administration security update

Type/Severity

Security Advisory: Moderate

Topic

Updated packages are now available for Red Hat Gluster Storage 3.4 Web Administration Batch Update 3 on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view that gives an administrator an overview of Gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.

Security Fix(es):

  • django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc' (CVE-2018-7536)
  • django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html' (CVE-2018-7537)
  • django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Django project for reporting CVE-2018-7536 and CVE-2018-7537.

Users of Red Hat Gluster Storage Web Administration with Red Hat Gluster Storage are advised to upgrade to this updated package to fix these issues.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64
  • Red Hat Gluster Storage Web Administration (for RHEL Server) 3.1 x86_64

Fixes

  • BZ - 1549777 - CVE-2018-7536 django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'
  • BZ - 1549779 - CVE-2018-7537 django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html'
  • BZ - 1609031 - CVE-2018-14574 django: Open redirect possibility in CommonMiddleware
  • BZ - 1654338 - tendrl-commons doesn't specify minimal ansible version it requires
  • BZ - 1655424 - Need to change graphite db initialization command in tendrl-ansible as per new graphite-web version-1.1.4-1
  • BZ - 1655433 - Need to restrict few services port from outside access to web-admin
  • BZ - 1658245 - graphite data migration process from graphite-web-0.X.X to graphite-web-1.X.X should done from tendrl-upgrade script
  • BZ - 1659678 - Grafana unable to fetch data after updating graphite-web to 1.x.x
  • BZ - 1660779 - After migration to graphite-1.1.4 the brick specific dashboards are not visible in grafana

CVEs

  • CVE-2018-7536
  • CVE-2018-7537
  • CVE-2018-14574

References

  • https://access.redhat.com/security/updates/classification/#moderate

Updated Packages

Note: More recent versions of these packages may be available.

    Red Hat Gluster Storage Server for On-premise 3 for RHEL 7

    SRPM
    tendrl-commons-1.6.3-15.el7rhgs.src.rpm SHA-256: fe17ce9b8b695fbb0abb6ad321ed1031c440589c9c40188d4447c276e9b5b068
    tendrl-node-agent-1.6.3-15.el7rhgs.src.rpm SHA-256: 7280f05d23a705110701a9e19b254734d9bc9e888f9343e2d3d0db4af52a9ca6
    tendrl-selinux-1.5.4-3.el7rhgs.src.rpm SHA-256: 05f63efd5348ce46e6afa6a6be9efa597bbb0b6edc7b93b499a9e2fd8812ec15
    x86_64
    tendrl-collectd-selinux-1.5.4-3.el7rhgs.noarch.rpm SHA-256: da8c08d2706c2f3085b7e976e6548b1d60e5d27584f23f039b01c94a3a92487c
    tendrl-commons-1.6.3-15.el7rhgs.noarch.rpm SHA-256: b6e5ed585502be1e3a1335fd2527290385682e7f6b55e97e44c84a6abe2d2d4b
    tendrl-node-agent-1.6.3-15.el7rhgs.noarch.rpm SHA-256: 25ac386a6eee0da59fbbfbeb5a9cc1978795b9cb09ba1972901a872b75fa7961
    tendrl-selinux-1.5.4-3.el7rhgs.noarch.rpm SHA-256: ca82bf7964eca26fdbdb55784020f13d47d15034d4744d7fd09ca3f5f9a795ca

    Red Hat Gluster Storage Web Administration (for RHEL Server) 3.1

    SRPM
    graphite-web-1.1.4-1.el7rhgs.src.rpm SHA-256: 2f88c6c21a08cf3bd2e302ed477c44b94305ece60f15fe7de11f3d5d9e6c9427
    python-cachetools-1.0.3-1.1.el7rhgs.src.rpm SHA-256: f94c60cc90fecd5847ad2d78cc95813bc453dbf3b6bdb575648b8d57499d4fea
    python-carbon-1.1.4-1.el7rhgs.src.rpm SHA-256: 71fc58ee5b68b50bcc3d65e50241609760c9eb838f87547b8e0c51941b68c876
    python-django-1.11.15-4.el7rhgs.src.rpm SHA-256: c2e0e13be9ba526d5673dd9fbfdbe1ac90bc9eb061076c39a3abb5c83403087a
    python-django-tagging-0.4.6-1.el7rhgs.src.rpm SHA-256: fb77cc379954132c81aa1e2614275b3ec5f549e6eef2343e2f55eacf39c16ac9
    python-scandir-1.3-1.el7rhgs.src.rpm SHA-256: b711534435114c59b1e40b2f783e052699642952651445b2c3d780aac8e89f83
    python-whisper-1.1.4-1.el7rhgs.src.rpm SHA-256: 41096b552322ac60f69d0bc67a7cdd813a802dcc9620d361b9f312bfc9c5eaae
    tendrl-ansible-1.6.3-11.el7rhgs.src.rpm SHA-256: 64a5d68b401aa32f703fdf096b00a5916412ab2b77ee637934edf843f3019366
    tendrl-api-1.6.3-10.el7rhgs.src.rpm SHA-256: 275afb95c8210a942181ea475dc1dd0b7d9ee39dea0ca47e8d87a903b1214816
    tendrl-commons-1.6.3-15.el7rhgs.src.rpm SHA-256: fe17ce9b8b695fbb0abb6ad321ed1031c440589c9c40188d4447c276e9b5b068
    tendrl-monitoring-integration-1.6.3-20.el7rhgs.src.rpm SHA-256: 8fe7eb1dd2275e719e1bd5ad15d118e693408cfb492dbfe255078e11de81e1b0
    tendrl-node-agent-1.6.3-15.el7rhgs.src.rpm SHA-256: 7280f05d23a705110701a9e19b254734d9bc9e888f9343e2d3d0db4af52a9ca6
    tendrl-selinux-1.5.4-3.el7rhgs.src.rpm SHA-256: 05f63efd5348ce46e6afa6a6be9efa597bbb0b6edc7b93b499a9e2fd8812ec15
    x86_64
    carbon-selinux-1.5.4-3.el7rhgs.noarch.rpm SHA-256: 71c4ec9dfd7d3e5bb480d965c8032d05a53f1b7d6e441c3ad194524a48787e78
    graphite-web-1.1.4-1.el7rhgs.noarch.rpm SHA-256: f386665b8ec2685c813cbf917ab305ed92b6f712c8c3a36adab4d9d612bb03b2
    python-cachetools-1.0.3-1.1.el7rhgs.noarch.rpm SHA-256: fd77061ead68ee3e6259ce032e6198dcb3d036a55891cbf1258310ffeb5ec3d4
    python-carbon-1.1.4-1.el7rhgs.noarch.rpm SHA-256: d8278d41f2a4dbad1677747db55dad186c255a1bfce07af8d69d6155c057714d
    python-django-bash-completion-1.11.15-4.el7rhgs.noarch.rpm SHA-256: a3a1f5f252cc39f6a656862177b83b7755a563c40719d99d9dc21ab4b28b7ae3
    python-django-tagging-0.4.6-1.el7rhgs.noarch.rpm SHA-256: a948c53096642d70f28cfb9ad8b2c09000bc4628fbb14555dd27da9b63dc7502
    python-scandir-1.3-1.el7rhgs.x86_64.rpm SHA-256: a58c9147baddab09a00eac77bc93123f406981c562176a4eaadd2fbcb9185b72
    python-scandir-debuginfo-1.3-1.el7rhgs.x86_64.rpm SHA-256: e461bcb935df7b39636e25da2e6931051ecf6989d247cd3e1fe0b1ac168dd765
    python-whisper-1.1.4-1.el7rhgs.noarch.rpm SHA-256: 03463d590d9d2009d09ab0e537e30bb4301507af8d6751ade350b1340af97ca8
    python2-django-1.11.15-4.el7rhgs.noarch.rpm SHA-256: 4e67ab11d385611187a3d86adb23e2feb0284a9e46110b4dd5354e402f6e253d
    python2-django-doc-1.11.15-4.el7rhgs.noarch.rpm SHA-256: d00c6df9163eba3c6d989d7e49fe702d21199f803b3e3f12da836d45179fa0b3
    tendrl-ansible-1.6.3-11.el7rhgs.noarch.rpm SHA-256: 303b65c86b8199075931cb0c7c5ccd0b99ca3f0a728612f1573efc7f82f01e62
    tendrl-api-1.6.3-10.el7rhgs.noarch.rpm SHA-256: 0148ae95e8a8e95becb9ff1072317c82e604238428862608b2580a2c745adb4a
    tendrl-api-httpd-1.6.3-10.el7rhgs.noarch.rpm SHA-256: dd5ead76d09642d555cc4a9bf1d0be187a6bd2468696235f4b2865e2b28d8de1
    tendrl-commons-1.6.3-15.el7rhgs.noarch.rpm SHA-256: b6e5ed585502be1e3a1335fd2527290385682e7f6b55e97e44c84a6abe2d2d4b
    tendrl-grafana-plugins-1.6.3-20.el7rhgs.noarch.rpm SHA-256: fee1ca0ae2ced291723c808a91a5e70411283c538491850535e6a8a2272ac231
    tendrl-grafana-selinux-1.5.4-3.el7rhgs.noarch.rpm SHA-256: 62d1a8f172c43fbd4ff60debf7d1eaa8631b002e3ef5bc4467059727b11799aa
    tendrl-monitoring-integration-1.6.3-20.el7rhgs.noarch.rpm SHA-256: 088de4b05955c8ecaae7abd7032518d7ae39493199f09ed48e7cd4a03c5c3c39
    tendrl-node-agent-1.6.3-15.el7rhgs.noarch.rpm SHA-256: 25ac386a6eee0da59fbbfbeb5a9cc1978795b9cb09ba1972901a872b75fa7961
    tendrl-selinux-1.5.4-3.el7rhgs.noarch.rpm SHA-256: ca82bf7964eca26fdbdb55784020f13d47d15034d4744d7fd09ca3f5f9a795ca

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

    Copyright © 2021 Red Hat, Inc.