8 matches found
GLSA-201904-06 : GlusterFS: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201904-06 GlusterFS: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in GlusterFS. Please review the referenced CVE identifiers for details. Impact : Please review the referenced CVE identifiers for details...
Fedora 29 : glusterfs (2018-986f0b7fb0)
5.1 GA , security fixes for: CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660 CVE-2018-14661 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
RHEL 7 : Red Hat Virtualization (RHSA-2018:3470)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3470 advisory. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host,...
Debian DLA-1565-1 : glusterfs security update
Multiple security vulnerabilities were discovered in GlusterFS, a clustered file system. Buffer overflows and path traversal issues may lead to information disclosure, denial of service or the execution of arbitrary code. CVE-2018-14651 It was found that the fix for CVE-2018-10927, CVE-2018-10928...
RHEL 7 : glusterfs (RHSA-2018:3432)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3432 advisory. - glusterfs: glusterfs server exploitable via symlinks to relative paths CVE-2018-14651 - glusterfs: Buffer overflow in features/locks...
CVE-2018-14659
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GFXATTRIOSTATSDUMPKEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr2' to trigger a state dump and create...
CVE-2018-14659
The CVE-2018-14659 vulnerability affects GlusterFS up to versions 4.1.4 and 3.1.2. An authenticated, remote attacker could mount a Gluster volume and repeatedly call setxattr via GF_XATTR_IOSTATS_DUMP_KEY to trigger a state dump and create an arbitrary number of files in the server runtime direct...
CVE-2018-14659
A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service...