Red Hat | RHSA-2015:1495
History: Jul 29, 2015 - 12:00 a.m.

(RHSA-2015:1495) Important: Red Hat Gluster Storage 3.1 update

2015-07-29 00:00:00
access.redhat.com

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)

  Access Vector:          NETWORK
  Access Complexity:      MEDIUM
  Authentication:         NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact:       COMPLETE
  Availability Impact:    COMPLETE

EPSS: 0.055 Low (Percentile: 92.0%)

Red Hat Gluster Storage is a software-only scale-out storage solution that
provides flexible and affordable unstructured data storage. It unifies data
storage and infrastructure, increases performance, and improves availability and
manageability to meet enterprise-level storage challenges.

Red Hat Gluster Storage’s Unified File and Object Storage is built on
OpenStack’s Object Storage (swift).

A flaw was found in the metadata constraints in OpenStack Object Storage
(swift). By adding metadata in several separate calls, a malicious user
could bypass the max_meta_count constraint, and store more metadata than
allowed by the configuration. (CVE-2014-7960)
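
The per-request versus merged-state distinction behind CVE-2014-7960, as an added example that is not part of the advisory and is not Swift's code. It is a simplified in-memory model: the function names, the limit of 3 and the sample requests are all constructed for illustration.

```python
# Simplified model of a metadata store; NOT Swift's implementation.
MAX_META_COUNT = 3  # constructed limit standing in for max_meta_count


class MetaLimitExceeded(Exception):
    pass


def post_metadata_per_request(stored, update, limit=MAX_META_COUNT):
    """Flawed check: counts only the keys carried by this one request."""
    if len(update) > limit:
        raise MetaLimitExceeded(f"{len(update)} > {limit} in one request")
    merged = dict(stored)
    merged.update(update)
    return merged


def post_metadata_merged(stored, update, limit=MAX_META_COUNT):
    """Corrected check: counts the keys that would exist after the merge."""
    merged = dict(stored)
    merged.update(update)
    if len(merged) > limit:
        raise MetaLimitExceeded(f"{len(merged)} > {limit} after merge")
    return merged


def replay(handler, requests):
    """Apply requests in order; return (final metadata, rejected count)."""
    stored, rejected = {}, 0
    for update in requests:
        try:
            stored = handler(stored, update)
        except MetaLimitExceeded:
            rejected += 1  # a rejected request leaves stored state untouched
    return stored, rejected


# Constructed sample: three separate calls, each below the per-request limit.
SAMPLE_REQUESTS = [
    {"X-Account-Meta-A": "1", "X-Account-Meta-B": "2"},
    {"X-Account-Meta-C": "3", "X-Account-Meta-D": "4"},
    {"X-Account-Meta-E": "5"},
]

if __name__ == "__main__":
    for handler in (post_metadata_per_request, post_metadata_merged):
        stored, rejected = replay(handler, SAMPLE_REQUESTS)
        print(f"{handler.__name__}: {len(stored)} keys, {rejected} rejected")
```

The same replay is useful as a regression test after patching: the stored key count must never exceed the configured limit, regardless of how the writes are split across calls.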

Multiple flaws were found in check-mk, a plug-in for the Nagios monitoring
system, which is used to provide monitoring and alerts for the Red Hat
Gluster Storage network and infrastructure: a reflected cross-site
scripting flaw due to improper output encoding, a flaw that could allow
attackers to write .mk files in arbitrary file system locations, and a flaw
that could possibly allow remote attackers to execute code in the wato (web
based admin) module due to the unsafe use of the pickle() function.
(CVE-2014-5338, CVE-2014-5339, CVE-2014-5340)

This update also fixes numerous bugs and adds various enhancements. Space
precludes documenting all of these changes in this advisory. Users are
directed to the Red Hat Gluster Storage 3.1 Technical Notes, linked to in
the References section, for information on the most significant of these
changes.

This advisory introduces the following new features:

  • NFS-Ganesha is now supported in a highly available active-active
    environment. In a highly available active-active environment, if an
    NFS-Ganesha server that is connected to an NFS client running a particular
    application crashes, the application/NFS client is seamlessly connected to
    another NFS-Ganesha server without any administrative intervention.

  • Snapshot scheduler creates snapshots automatically based on the
    configured scheduled interval of time. The snapshots can be created every
    hour, on a particular day of the month, in a particular month, or on a
    particular day of the week.

  • You can now create a clone of a snapshot. This is a writable clone and
    behaves like a regular volume. A new volume can be created from a
    particular snapshot clone. Snapshot Clone is a technology preview feature.

  • Red Hat Gluster Storage supports network encryption using TLS/SSL.
    Red Hat Gluster Storage uses TLS/SSL for authentication and authorization,
    in place of the home-grown authentication framework used for normal connections.

  • BitRot detection is a technique used in Red Hat Gluster Storage to
    identify the silent corruption of data with no indication from the disk to
    the storage software layer when the error has occurred. BitRot also helps
    in catching backend tinkering of bricks, where the data is directly
    manipulated on the bricks without going through FUSE, NFS or any other
    access protocols.

  • Glusterfind is a utility that provides the list of files that are
    modified between the previous backup session and the current period.
    This list of files can then be used by any industry standard backup
    application for backup.

  • The Parallel Network File System (pNFS) is part of the NFS v4.1 protocol
    that allows compute clients to access storage devices directly and in
    parallel. pNFS is a technology preview feature.

  • Tiering improves the performance and the compliance aspects in a Red Hat
    Gluster Storage environment. It serves as an enabling technology for other
    enhancements by combining cost-effective or archivally oriented storage for
    the majority of user data with high-performance storage to absorb the
    majority of I/O workload. Tiering is a technology preview feature.

All users of Red Hat Gluster Storage are advised to apply this update.
