Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1644755
Summary: | CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all] | |||
---|---|---|---|---|
Product: | [Community] GlusterFS | Reporter: | Amar Tumballi <atumball> | |
Component: | core | Assignee: | Amar Tumballi <atumball> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | ||
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | mainline | CC: | anoopcs, bugs, extras-qa, humble.devassy, jonathansteffan, kkeithle, matthias, ndevos, ramkrsna, sisharma, srangana | |
Target Milestone: | --- | Keywords: | Security, SecurityTracking | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | glusterfs-6.0 | Doc Type: | Release Note | |
Doc Text: | Story Points: | --- | ||
Clone Of: | 1644730 | |||
: | 1647663 1647667 (view as bug list) | Environment: | ||
Last Closed: | 2018-12-26 16:28:54 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1644730 | |||
Bug Blocks: | 1647663, 1647667 |
Description
Amar Tumballi
2018-10-31 14:37:21 UTC
REVIEW: https://review.gluster.org/21527 (server: don't allow '/' in basename) posted (#1) for review on master by Amar Tumballi REVIEW: https://review.gluster.org/21527 (server: don't allow '/' in basename) posted (#4) for review on master by Shyamsundar Ranganathan REVIEW: https://review.gluster.org/21575 (server: don't allow '/' in basename) posted (#1) for review on release-5 by Amar Tumballi REVISION POSTED: https://review.gluster.org/21575 (server: don't allow '/' in basename) posted (#2) for review on release-5 by Amar Tumballi This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-6.0, please open a new bug report. glusterfs-6.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution. [1] https://lists.gluster.org/pipermail/announce/2019-March/000120.html [2] https://www.gluster.org/pipermail/gluster-users/ |