Bug 1593525
Summary: | CVE-2018-10841 glusterfs: access trusted peer group via remote-host command [glusterfs upstream] | ||
---|---|---|---|
Product: | [Community] GlusterFS | Reporter: | Mohit Agrawal <moagrawa> |
Component: | core | Assignee: | Mohit Agrawal <moagrawa> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 4.1 | CC: | amukherj, atumball, bmekala, rhinduja, sankarshan, sisharma, smohan, ssaha, vbellur |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | component:glusterfs | ||
Fixed In Version: | glusterfs-4.1.1 | Doc Type: | Release Note |
Doc Text: | | Story Points: | --- |
Clone Of: | 1582129 | Environment: | |
Last Closed: | 2019-05-11 11:43:46 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1582129, 1593526 | ||
Bug Blocks: | 1582043, 1593232 | ||
Deadline: | 2018-07-20 |
Comment 1
Mohit Agrawal
2018-06-21 02:02:31 UTC
Patch is posted https://review.gluster.org/#/c/20338

Regards
Mohit Agrawal

REVIEW: https://review.gluster.org/20338 (glusterfs: access trusted peer group via remote-host command) posted (#2) for review on release-4.1 by Shyamsundar Ranganathan

COMMIT: https://review.gluster.org/20338 committed in release-4.1 by "Shyamsundar Ranganathan" <srangana> with a commit message-

glusterfs: access trusted peer group via remote-host command

Problem: In SSL environment the user is able to access volume via remote-host command without adding node in a trusted pool

Solution: Change the list of rpc program in glusterd.c at the time of initialization while SSL is enabled

> Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199
> cherry picked from commit 234d611160840899bcfd5ab1c17a6253673d38ed

BUG: 1593525
fixes: bz#1593525
Change-Id: Ice4eda3d8104a4d5641de3cffd7249e46080d48f
Signed-off-by: Mohit Agrawal <moagrawa>