Metric | Value |
---|---|
CVSS2 Score | 9.3 High |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
EPSS | 0.055 Low |
EPSS Percentile | 92.0% |

Red Hat Gluster Storage is a software-only scale-out storage solution that
provides flexible and affordable unstructured data storage. It unifies data
storage and infrastructure, increases performance, and improves availability and
manageability to meet enterprise-level storage challenges.

Red Hat Gluster Storage’s Unified File and Object Storage is built on
OpenStack’s Object Storage (swift).

A flaw was found in the metadata constraints in OpenStack Object Storage
(swift). By adding metadata in several separate calls, a malicious user
could bypass the max_meta_count constraint, and store more metadata than
allowed by the configuration. (CVE-2014-7960)
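
The flaw described above comes down to where the limit is enforced. The following added example is a simplified Python model, not code from swift or from this advisory; it contrasts a count check on each request with a check on the merged metadata that would be stored. The header prefix, function names and the limit of 3 are assumptions.

```python
# Simplified model of a metadata store that enforces max_meta_count.
# Added example, not swift's code; names and the small limit are assumptions.
MAX_META_COUNT = 3
META_PREFIX = "x-container-meta-"

class ConstraintError(Exception):
    """Raised when an update would violate the metadata limit."""

def meta_items(headers):
    """Return {name: value} for the user-metadata headers of one request."""
    return {k.lower()[len(META_PREFIX):]: v for k, v in headers.items()
            if k.lower().startswith(META_PREFIX)}

def merge(stored, incoming):
    """Apply an update: an empty value deletes the key, any other sets it."""
    merged = dict(stored)
    for name, value in incoming.items():
        if value == "":
            merged.pop(name, None)
        else:
            merged[name] = value
    return merged

def post_per_request_check(stored, headers):
    """Flawed: the limit is applied only to the keys in this one request."""
    incoming = meta_items(headers)
    if len(incoming) > MAX_META_COUNT:
        raise ConstraintError("too many metadata items in request")
    return merge(stored, incoming)

def post_merged_check(stored, headers):
    """Hardened: the limit is applied to the state that would be stored."""
    merged = merge(stored, meta_items(headers))
    if len(merged) > MAX_META_COUNT:
        raise ConstraintError("stored metadata would exceed max_meta_count")
    return merged

def replay(handler, requests):
    """Apply requests in order; return (final metadata, rejected count)."""
    store, rejected = {}, 0
    for headers in requests:
        try:
            store = handler(store, headers)
        except ConstraintError:
            rejected += 1
    return store, rejected

# Constructed sample: three calls of two keys each, each within the limit.
REQUESTS = [{f"X-Container-Meta-K{i}": "v", f"X-Container-Meta-K{i + 1}": "v"}
            for i in (0, 2, 4)]
```

Replaying `REQUESTS` through `post_per_request_check` leaves six keys stored against a limit of three, while `post_merged_check` accepts the first call and rejects the other two.
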

Multiple flaws were found in check-mk, a plug-in for the Nagios monitoring
system, which is used to provide monitoring and alerts for the Red Hat
Gluster Storage network and infrastructure: a reflected cross-site
scripting flaw due to improper output encoding, a flaw that could allow
attackers to write .mk files in arbitrary file system locations, and a flaw
that could possibly allow remote attackers to execute code in the wato (web
based admin) module due to the unsafe use of the pickle() function.
(CVE-2014-5338, CVE-2014-5339, CVE-2014-5340)

This update also fixes numerous bugs and adds various enhancements. Space
precludes documenting all of these changes in this advisory. Users are
directed to the Red Hat Gluster Storage 3.1 Technical Notes, linked to in
the References section, for information on the most significant of these
changes.

This advisory introduces the following new features:

* NFS-Ganesha is now supported in a highly available active-active
  environment. In a highly available active-active environment, if an
  NFS-Ganesha server that is connected to an NFS client running a particular
  application crashes, the application/NFS client is seamlessly connected to
  another NFS-Ganesha server without any administrative intervention.

* The snapshot scheduler creates snapshots automatically based on the
  configured scheduled interval of time. The snapshots can be created every
  hour, on a particular day of the month, in a particular month, or on a
  particular day of the week.

* You can now create a clone of a snapshot. This is a writable clone and
  behaves like a regular volume. A new volume can be created from a
  particular snapshot clone. Snapshot Clone is a technology preview feature.

* Red Hat Gluster Storage supports network encryption using TLS/SSL.
  Red Hat Gluster Storage uses TLS/SSL for authentication and authorization,
  in place of the home-grown authentication framework used for normal
  connections.

* BitRot detection is a technique used in Red Hat Gluster Storage to
  identify silent corruption of data, where the disk gives the storage
  software layer no indication that an error has occurred. BitRot also helps
  in catching backend tinkering of bricks, where the data is directly
  manipulated on the bricks without going through FUSE, NFS or any other
  access protocols.

* Glusterfind is a utility that provides the list of files that are
  modified between the previous backup session and the current period.
  This list of files can then be used by any industry standard backup
  application for backup.

* The Parallel Network File System (pNFS) is part of the NFS v4.1 protocol
  that allows compute clients to access storage devices directly and in
  parallel. pNFS is a technology preview feature.

* Tiering improves the performance and the compliance aspects of a Red Hat
  Gluster Storage environment. It serves as an enabling technology for other
  enhancements by combining cost-effective or archivally oriented storage for
  the majority of user data with high-performance storage to absorb the
  majority of I/O workload. Tiering is a technology preview feature.

All users of Red Hat Gluster Storage are advised to apply this update.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | vdsm-hook-qemucmdline | < 4.16.20-1.2.el6rhs | vdsm-hook-qemucmdline-4.16.20-1.2.el6rhs.noarch.rpm |
RedHat | 6 | x86_64 | libqb-devel | < 0.17.1-1.el6 | libqb-devel-0.17.1-1.el6.x86_64.rpm |
RedHat | 6 | noarch | clufter-lib-ccs | < 0.11.2-1.el6 | clufter-lib-ccs-0.11.2-1.el6.noarch.rpm |
RedHat | 6 | x86_64 | ccs | < 0.16.2-81.el6 | ccs-0.16.2-81.el6.x86_64.rpm |
RedHat | 6 | x86_64 | glusterfs-rdma | < 3.7.1-11.el6rhs | glusterfs-rdma-3.7.1-11.el6rhs.x86_64.rpm |
RedHat | 6 | src | gstatus | < 0.64-3.1.el6rhs | gstatus-0.64-3.1.el6rhs.src.rpm |
RedHat | 6 | x86_64 | ctdb2.5-debuginfo | < 2.5.5-7.el6rhs | ctdb2.5-debuginfo-2.5.5-7.el6rhs.x86_64.rpm |
RedHat | 6 | x86_64 | python-gluster | < 3.7.1-11.el6 | python-gluster-3.7.1-11.el6.x86_64.rpm |
RedHat | 5 | x86_64 | glusterfs | < 3.7.1-11.el5 | glusterfs-3.7.1-11.el5.x86_64.rpm |
RedHat | 6 | x86_64 | fence-virtd-checkpoint | < 0.2.3-19.el6 | fence-virtd-checkpoint-0.2.3-19.el6.x86_64.rpm |