Bug 1644761
| Summary: | CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service [fedora-all] | | |
|---|---|---|---|
| Product: | [Community] GlusterFS | Reporter: | Amar Tumballi <atumball> |
| Component: | locks | Assignee: | bugs <bugs> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | mainline | CC: | anoopcs, atumball, bugs, extras-qa, humble.devassy, jonathansteffan, kkeithle, matthias, ndevos, ramkrsna, ravishankar, sisharma, srangana |
| Target Milestone: | --- | Keywords: | Security, SecurityTracking |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | glusterfs-6.x | Doc Type: | Release Note |
| Doc Text: | | Story Points: | --- |
| Clone Of: | 1644579 | | |
| : | 1645363 1645373 | Environment: | |
| Last Closed: | 2019-05-11 00:26:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1644579 | | |
| Bug Blocks: | 1645363, 1645373 | | |

Description
Amar Tumballi
2018-10-31 14:41:04 UTC
Hi Amar,

The fix for this patch is already present in master branch as a part of the commit 052849983e51a061d7fb2c3ffd74fa78bb257084 (https://review.gluster.org/#/c/glusterfs/+/20933/), which is not there in the release branches. Shall I move this BZ to modified, and send the relevant changes to fix the locks.c CVE alone to the supported release branch(es)?

Got an ack from Amar via email. Moving it to MODIFIED. Will be sending the fix for locks vulnerability alone on release branches.