Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1625089
Summary: | CVE-2018-10911 glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory | |||
---|---|---|---|---|
Product: | [Community] GlusterFS | Reporter: | Amar Tumballi <atumball> | |
Component: | core | Assignee: | Amar Tumballi <atumball> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | ||
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | 4.1 | CC: | anoopcs, bugs, extras-qa, humble.devassy, jonathansteffan, kkeithle, matthias, ndevos, ramkrsna, sisharma | |
Target Milestone: | --- | Keywords: | Security, SecurityTracking | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | glusterfs-5.0 | Doc Type: | Release Note | |
Doc Text: | Story Points: | --- | ||
Clone Of: | 1625079 | |||
: | 1625656 (view as bug list) | Environment: | ||
Last Closed: | 2018-09-10 06:39:04 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1625079 | |||
Bug Blocks: | 1625656 |
Description
Amar Tumballi
2018-09-04 05:49:10 UTC
REVIEW: https://review.gluster.org/21067 (dict: handle negative key/value length while unserialize) posted (#1) for review on master by Amar Tumballi COMMIT: https://review.gluster.org/21067 committed in master by "Amar Tumballi" <amarts> with a commit message- dict: handle negative key/value length while unserialize Fixes: bz#1625089 Change-Id: Ie56df0da46c242846a1ba51ccb9e011af118b119 Signed-off-by: Amar Tumballi <amarts> REVIEW: https://review.gluster.org/21096 (dict: handle negative key/value length while unserialize) posted (#1) for review on release-4.1 by Amar Tumballi COMMIT: https://review.gluster.org/21096 committed in release-4.1 by "jiffin tony Thottan" <jthottan> with a commit message- dict: handle negative key/value length while unserialize Fixes: bz#1625089 Change-Id: Ie56df0da46c242846a1ba51ccb9e011af118b119 Signed-off-by: Amar Tumballi <amarts> This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-4.1.4, please open a new bug report. glusterfs-4.1.4 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution. [1] https://lists.gluster.org/pipermail/announce/2018-September/000112.html [2] https://www.gluster.org/pipermail/gluster-users/ This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-5.0, please open a new bug report. glusterfs-5.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution. [1] https://lists.gluster.org/pipermail/announce/2018-October/000115.html [2] https://www.gluster.org/pipermail/gluster-users/ |