Red Hat Gluster Storage is a software-only scale-out storage solution that
provides flexible and affordable unstructured data storage. It unifies data
storage and infrastructure, increases performance, and improves
availability and manageability to meet enterprise-level storage challenges.
Red Hat Gluster Storage’s Unified File and Object Storage is built on
OpenStack’s Object Storage (swift).

A flaw was found in the way swiftonfile (gluster-swift) serialized and
stored metadata on disk by using Python’s pickle module. A remote,
authenticated user could use this flaw to execute arbitrary code on the
storage node. (CVE-2015-5242)

For more information about CVE-2015-5242, please see
https://access.redhat.com/solutions/1985893

Red Hat would like to thank Bill Owen of IBM for reporting this issue.

All swiftonfile users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
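
The flaw class described above, shown from the defender's side as an added example (this is not the backported patch and not swiftonfile code): metadata is written as JSON, legacy pickled blobs are read only through an unpickler that refuses every global lookup, and stored blobs can be audited for import/call opcodes without unpickling them. All function names and the sample metadata are assumptions constructed for illustration.

```python
import io
import json
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that import a name or call an object while unpickling.
# A plain metadata dict of strings and numbers never needs them.
IMPORT_OR_CALL = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ",
                  "NEWOBJ_EX", "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4"}


def audit_blob(blob):
    """List import/call opcodes in a stored pickle without unpickling it."""
    try:
        names = {op.name for op, _arg, _pos in pickletools.genops(blob)}
    except Exception:
        return ["MALFORMED"]
    return sorted(names & IMPORT_OR_CALL)


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every class or function lookup."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError("blocked global %s.%s" % (module, name))


def dump_metadata(metadata):
    """Serialize metadata as JSON, a format that can only describe data."""
    return json.dumps(metadata, sort_keys=True).encode("utf-8")


def load_metadata(blob):
    """Read JSON metadata; accept legacy pickles only if they are pure data."""
    try:
        return json.loads(blob.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return DataOnlyUnpickler(io.BytesIO(blob)).load()


# Constructed sample data (not taken from a real storage node).
SAMPLE = {"Content-Type": "text/plain", "X-Object-Meta-Owner": "alice"}
LEGACY_PLAIN = pickle.dumps(SAMPLE, protocol=2)
# OrderedDict is harmless, but pickling it emits a global lookup plus a call,
# the opcode classes that let a pickle run code when it is loaded.
LEGACY_WITH_GLOBAL = pickle.dumps(OrderedDict(SAMPLE), protocol=2)
```
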
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | swiftonfile | < 1.13.1-6.el6rhs | swiftonfile-1.13.1-6.el6rhs.src.rpm |
RedHat | 6 | noarch | swiftonfile | < 1.13.1-6.el6rhs | swiftonfile-1.13.1-6.el6rhs.noarch.rpm |