(RHSA-2017:0486) Moderate: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update

2017-03-23T09:04:28
ID RHSA-2017:0486
Type redhat
Reporter RedHat
Modified 2018-03-19T16:29:44

Description

Red Hat Gluster Storage is a software-only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.

The following packages have been upgraded to a later upstream version: glusterfs (3.8.4), redhat-storage-server (3.2.0.2), vdsm (4.17.33). (BZ#1362376)

Security Fix(es):

  • It was found that the glusterfs-server RPM package would write a file with a predictable name into the world-readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package. (CVE-2015-1795)

This issue was discovered by Florian Weimer of Red Hat Product Security.
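
The flaw class behind CVE-2015-1795, shown as an added example that is not code from the glusterfs-server package: staging a script under a fixed name in a shared directory, next to a hardened form using mktemp -d and a pre-execution check. The file name pkg-helper.sh, the function names and the script body are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not code from the glusterfs-server package.
# pkg-helper.sh and all function names are constructed for this example.

# Unsafe: fixed file name in a shared directory. Any local user can create
# or replace this file before a privileged installer executes it.
stage_unsafe() {
    script="$1/pkg-helper.sh"
    printf '%s\n' 'echo helper' > "$script"
    printf '%s\n' "$script"
}

# Hardened: mktemp -d makes a new mode-0700 directory with a random name,
# so other users can neither predict the path nor write into it.
stage_safe() (
    umask 077
    work=$(mktemp -d "$1/pkg-helper.XXXXXXXXXX") || exit 1
    printf '%s\n' 'echo helper' > "$work/helper.sh"
    printf '%s\n' "$work/helper.sh"
)

# Check before executing: regular file, not a symlink, and both the file
# and its directory are owned by us and not group- or world-writable.
safe_to_run() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    me=$(id -u)
    for p in "$(dirname "$1")" "$1"; do
        [ -n "$(find -H "$p" -prune -user "$me" \
                 ! -perm -0020 ! -perm -0002 -print)" ] || return 1
    done
}

demo() {
    shared=$(mktemp -d) && chmod 1777 "$shared"   # stands in for /tmp
    for f in "$(stage_unsafe "$shared")" "$(stage_safe "$shared")"; do
        if safe_to_run "$f"; then echo "ok to run:  $f"
        else echo "refuse:     $f"; fi
    done
    rm -rf "$shared"
}
demo
```

The check refuses the fixed-name file because its parent directory is writable by other users, and accepts the file staged inside the private mktemp directory.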

Bug Fix(es):

  • Bricks remain stopped if server quorum is no longer met, or if server quorum is disabled, to ensure that bricks in maintenance are not started incorrectly. (BZ#1340995)

  • The metadata cache translator has been updated to improve Red Hat Gluster Storage performance when reading small files. (BZ#1427783)

  • The 'gluster volume add-brick' command is no longer allowed when the replica count has increased and any replica bricks are unavailable. (BZ#1404989)

  • Split-brain resolution commands work regardless of whether client-side heal or the self-heal daemon are enabled. (BZ#1403840)

Enhancement(s):

  • Red Hat Gluster Storage now provides Transport Layer Security support for Samba and NFS-Ganesha. (BZ#1340608, BZ#1371475)

  • A new reset-sync-time option enables resetting the sync time attribute to zero when required. (BZ#1205162)

  • Tiering demotions are now triggered at most 5 seconds after a hi-watermark breach event. Administrators can use the cluster.tier-query-limit volume parameter to specify the number of records extracted from the heat database during demotion. (BZ#1361759)

  • The /var/log/glusterfs/etc-glusterfs-glusterd.vol.log file is now named /var/log/glusterfs/glusterd.log. (BZ#1306120)

  • The 'gluster volume attach-tier/detach-tier' commands are considered deprecated in favor of the new commands, 'gluster volume tier VOLNAME attach/detach'. (BZ#1388464)

  • The HA_VOL_SERVER parameter in the ganesha-ha.conf file is no longer used by Red Hat Gluster Storage. (BZ#1348954)

  • The volfile server role can now be passed to another server when a server is unavailable. (BZ#1351949)

  • Ports can now be reused when they stop being used by another service. (BZ#1263090)

  • The thread pool limit for the rebalance process is now dynamic, and is determined based on the number of available cores. (BZ#1352805)

  • Brick verification at reboot now uses UUID instead of brick path. (BZ#1336267)

  • LOGIN_NAME_MAX is now used as the maximum length for the slave user instead of __POSIX_LOGIN_NAME_MAX, allowing for up to 256 characters including the NULL byte. (BZ#1400365)

  • The client identifier is now included in the log message to make it easier to determine which client failed to connect. (BZ#1333885)