(RHSA-2018:1954) Important: glusterfs security update

2018-06-2010:21:36

access.redhat.com

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.0%

JSON

GlusterFS is a key building block of Red Hat Gluster Storage. It is based
on a stackable user-space design and can deliver exceptional performance
for diverse workloads. GlusterFS aggregates various storage servers over
network interconnections into one large, parallel network file system.

Security Fix:

glusterfs: access trusted peer group via remote-host command
(CVE-2018-10841)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64glusterfs< 3.8.4-54.10.el7rhgsglusterfs-3.8.4-54.10.el7rhgs.x86_64.rpm
RedHat7x86_64glusterfs-devel< 3.8.4-54.10.el7glusterfs-devel-3.8.4-54.10.el7.x86_64.rpm
RedHat7x86_64glusterfs-cli< 3.8.4-54.10.el7glusterfs-cli-3.8.4-54.10.el7.x86_64.rpm
RedHat7noarchpython-gluster< 3.8.4-54.10.el7rhgspython-gluster-3.8.4-54.10.el7rhgs.noarch.rpm
RedHat7x86_64glusterfs-fuse< 3.8.4-54.10.el7glusterfs-fuse-3.8.4-54.10.el7.x86_64.rpm
RedHat7x86_64glusterfs-api-devel< 3.8.4-54.10.el7glusterfs-api-devel-3.8.4-54.10.el7.x86_64.rpm
RedHat7x86_64glusterfs< 3.8.4-54.10.el7glusterfs-3.8.4-54.10.el7.x86_64.rpm
RedHat7noarchpython-gluster< 3.8.4-54.10.el7python-gluster-3.8.4-54.10.el7.noarch.rpm
RedHat7x86_64glusterfs-debuginfo< 3.8.4-54.10.el7glusterfs-debuginfo-3.8.4-54.10.el7.x86_64.rpm
RedHat7x86_64glusterfs-api-devel< 3.8.4-54.10.el7rhgsglusterfs-api-devel-3.8.4-54.10.el7rhgs.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	glusterfs	< 3.8.4-54.10.el7rhgs	glusterfs-3.8.4-54.10.el7rhgs.x86_64.rpm
RedHat	7	x86_64	glusterfs-devel	< 3.8.4-54.10.el7	glusterfs-devel-3.8.4-54.10.el7.x86_64.rpm
RedHat	7	x86_64	glusterfs-cli	< 3.8.4-54.10.el7	glusterfs-cli-3.8.4-54.10.el7.x86_64.rpm
RedHat	7	noarch	python-gluster	< 3.8.4-54.10.el7rhgs	python-gluster-3.8.4-54.10.el7rhgs.noarch.rpm
RedHat	7	x86_64	glusterfs-fuse	< 3.8.4-54.10.el7	glusterfs-fuse-3.8.4-54.10.el7.x86_64.rpm
RedHat	7	x86_64	glusterfs-api-devel	< 3.8.4-54.10.el7	glusterfs-api-devel-3.8.4-54.10.el7.x86_64.rpm
RedHat	7	x86_64	glusterfs	< 3.8.4-54.10.el7	glusterfs-3.8.4-54.10.el7.x86_64.rpm
RedHat	7	noarch	python-gluster	< 3.8.4-54.10.el7	python-gluster-3.8.4-54.10.el7.noarch.rpm
RedHat	7	x86_64	glusterfs-debuginfo	< 3.8.4-54.10.el7	glusterfs-debuginfo-3.8.4-54.10.el7.x86_64.rpm
RedHat	7	x86_64	glusterfs-api-devel	< 3.8.4-54.10.el7rhgs	glusterfs-api-devel-3.8.4-54.10.el7rhgs.x86_64.rpm