
List:       gluster-announce
Subject:    Updated Gluster Releases
From:       Amye Scavarda <amye () redhat ! com>
Date:       2018-07-06 19:14:49
Message-ID: CACDUr8WL7J6KsbG7SzeE1AsS2-uo3KtebdYpFXDQ+qS+TmMH6Q () mail ! gmail ! com


The Gluster community has released an out-of-normal-cadence release for
Gluster 3.12 and 4.1 that resolves a CVE[1]. A privilege escalation flaw
was found.

Glusterfs is vulnerable to privilege escalation on gluster server
nodes. An authenticated gluster client via TLS could use gluster cli with
--remote-host command to add itself to trusted storage pool and perform
privileged gluster operations like adding other machines to trusted storage
pool, start, stop, and delete volumes.

Installing the updated packages and restarting gluster services on gluster
brick hosts will help prevent the security issue.

Further information can be found at NVD[2].

Our recommendation is to upgrade to these new releases:
https://download.gluster.org/pub/gluster/glusterfs/3.12/3.12.11/
https://download.gluster.org/pub/gluster/glusterfs/4.0/4.1.1/

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10841
[2] https://nvd.nist.gov/vuln/detail/CVE-2018-10841


-- 
Amye Scavarda | amye@redhat.com | Gluster Community Lead




