libgluster.so is vulnerable to information disclosure. The library does not properly handle negative key length values during deserialization, so a pointer ends up reading from other parts of memory, which can reveal sensitive information.
lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
access.redhat.com/errata/RHSA-2018:2607
access.redhat.com/errata/RHSA-2018:2608
access.redhat.com/errata/RHSA-2018:2892
access.redhat.com/errata/RHSA-2018:3242
access.redhat.com/errata/RHSA-2018:3470
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1594203
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911
lists.debian.org/debian-lts-announce/2018/09/msg00021.html
lists.debian.org/debian-lts-announce/2021/11/msg00000.html
review.gluster.org/#/c/glusterfs/+/21067/
security.gentoo.org/glsa/201904-06
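
The check that the description above says is missing, shown as an added example. This is not GlusterFS code: the record layout and the names `read_be32` and `parse_pairs` are assumptions made for illustration. It rejects negative lengths before they reach pointer arithmetic and compares each length against the bytes remaining.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed wire format (an assumption, not the GlusterFS layout):
 * records of [int32 key_len][int32 val_len][key][value], big-endian. */
static int32_t read_be32(const uint8_t *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return (int32_t)v;
}

/* Returns the number of records parsed, or -1 if any length is
 * negative or would move the cursor outside buf[0..len). */
int parse_pairs(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        if (len - off < 8)
            return -1;                  /* truncated header */
        int32_t key_len = read_be32(buf + off);
        int32_t val_len = read_be32(buf + off + 4);
        off += 8;
        /* A negative length added to a pointer walks backwards in memory. */
        if (key_len < 0 || val_len < 0)
            return -1;
        /* Compare with the bytes remaining; never compute off + length first. */
        if ((size_t)key_len > len - off)
            return -1;
        off += (size_t)key_len;         /* key bytes would be copied here */
        if ((size_t)val_len > len - off)
            return -1;
        off += (size_t)val_len;         /* value bytes would be copied here */
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed samples: one valid record, one with key_len = -1. */
    const uint8_t good[] = {0, 0, 0, 1, 0, 0, 0, 2, 'k', 'v', 'v'};
    const uint8_t bad[] = {0xff, 0xff, 0xff, 0xff, 0, 0, 0, 2, 'k', 'v', 'v'};
    printf("good=%d bad=%d\n", parse_pairs(good, sizeof good), parse_pairs(bad, sizeof bad));
    return 0;
}
```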