(RHSA-2015:1918) Important: swiftonfile security update

Red Hat Gluster Storage is a software only scale-out storage solution that
provides flexible and affordable unstructured data storage. It unifies data
storage and infrastructure, increases performance, and improves
availability and manageability to meet enterprise-level storage challenges.

Red Hat Gluster Storage’s Unified File and Object Storage is built on
OpenStack’s Object Storage (swift).

A flaw was found in the way swiftonfile (gluster-swift) serialized and
stored metadata on disk by using Python’s pickle module. A remote,
authenticated user could use this flaw to execute arbitrary code on the
storage node. (CVE-2015-5242)

For more information about CVE-2015-5242, please see
https://access.redhat.com/solutions/1985893

Red Hat would like to thank Bill Owen of IBM for reporting this issue.

All swiftonfile users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.