Accepted glusterfs 3.5.2-2+deb8u5 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 03 Nov 2018 16:44:26 +0100
Source: glusterfs
Binary: glusterfs-client glusterfs-server glusterfs-common glusterfs-dbg
Architecture: source amd64
Version: 3.5.2-2+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 glusterfs-client - clustered file-system (client package)
 glusterfs-common - GlusterFS common libraries and translator modules
 glusterfs-dbg - GlusterFS debugging symbols
 glusterfs-server - clustered file-system (server package)
Changes:
 glusterfs (3.5.2-2+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-14651:
     It was found that the fix for CVE-2018-10927, CVE-2018-10928,
     CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A
     remote, authenticated attacker could use one of these flaws to execute
     arbitrary code, create arbitrary files, or cause denial of service on
     glusterfs server nodes via symlinks to relative paths.
   * Fix CVE-2018-14652:
     The Gluster file system is vulnerable to a buffer overflow in the
     'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD'
     xattr in the 'pl_getxattr' function. A remote authenticated attacker could
     exploit this on a mounted volume to cause a denial of service.
   * Fix CVE-2018-14653:
     The Gluster file system is vulnerable to a heap-based buffer overflow in
     the '__server_getspec' function via the 'gf_getspec_req' RPC message. A
     remote authenticated attacker could exploit this to cause a denial of
     service or other potential unspecified impact.
   * Fix CVE-2018-14659:
     The Gluster file system is vulnerable to a denial of service attack via use
     of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker
     could exploit this by mounting a Gluster volume and repeatedly calling
     'setxattr(2)' to trigger a state dump and create an arbitrary number of
     files in the server's runtime directory.
   * Fix CVE-2018-14661:
     It was found that usage of snprintf function in feature/locks translator of
     glusterfs server, as shipped with Red Hat Gluster Storage, was vulnerable
     to a format string attack. A remote, authenticated attacker could use this
     flaw to cause remote denial of service.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----