Information on source package glusterfs

Available versions

Release	Version
jessie	3.5.2-2+deb8u3
jessie (security)	3.5.2-2+deb8u5
stretch	3.8.8-1
buster	5.5-3
sid	5.5-3

Open issues

Bug	jessie	stretch	buster	sid	Description
CVE-2018-14661	fixed	vulnerable	fixed	fixed	It was found that usage of snprintf function in feature/locks translat ...
CVE-2018-14660	fixed	vulnerable	fixed	fixed	A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 ...
CVE-2018-14659	fixed	vulnerable	fixed	fixed	The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...
CVE-2018-14654	fixed	vulnerable	fixed	fixed	The Gluster file system through version 4.1.4 is vulnerable to abuse o ...
CVE-2018-14653	fixed	vulnerable	fixed	fixed	The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...
CVE-2018-14652	fixed	vulnerable	fixed	fixed	The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...
CVE-2018-10930	fixed	vulnerable	fixed	fixed	A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...
CVE-2018-10929	fixed	vulnerable	fixed	fixed	A flaw was found in RPC request using gfs2_create_req in glusterfs ser ...
CVE-2018-10928	fixed	vulnerable	fixed	fixed	A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...
CVE-2018-10927	fixed	vulnerable	fixed	fixed	A flaw was found in RPC request using gfs3_lookup_req in glusterfs ser ...
CVE-2018-10926	fixed	vulnerable	fixed	fixed	A flaw was found in RPC request using gfs3_mknod_req supported by glus ...
CVE-2018-10923	fixed	vulnerable	fixed	fixed	It was found that the "mknod" call derived from mknod(2) can create fi ...
CVE-2018-10914	fixed	vulnerable	fixed	fixed	It was found that an attacker could issue a xattr request via glusterf ...
CVE-2018-10913	fixed	vulnerable	fixed	fixed	An information disclosure vulnerability was discovered in glusterfs se ...
CVE-2018-10911	fixed	vulnerable	fixed	fixed	A flaw was found in the way dic_unserialize function of glusterfs does ...
CVE-2018-10907	fixed	vulnerable	fixed	fixed	It was found that glusterfs server is vulnerable to multiple stack bas ...
CVE-2018-10904	fixed	vulnerable	fixed	fixed	It was found that glusterfs server does not properly sanitize file pat ...
CVE-2018-1088	fixed	vulnerable	fixed	fixed	A privilege escalation flaw was found in gluster 3.x snapshot schedule ...
CVE-2018-10841	fixed	vulnerable	fixed	fixed	glusterfs is vulnerable to privilege escalation on gluster server node ...

Resolved issues

Bug	Description
CVE-2018-14651	It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018 ...
CVE-2018-1112	glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when usi ...
CVE-2018-10924	It was discovered that fsync(2) system call in glusterfs client code l ...
CVE-2017-15096	A flaw was found in GlusterFS in versions prior to 3.10. A null pointe ...
CVE-2015-1795	Red Hat Gluster Storage RPM Package 3.2 allows local users to gain pri ...
CVE-2014-3619	The __socket_proto_state_machine function in GlusterFS 3.5 allows remo ...
CVE-2012-5635	The GlusterFS functionality in Red Hat Storage Management Console 2.0, ...
CVE-2012-4417	GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local u ...

Security announcements

DSA / DLA	Description
DLA-1565-1	glusterfs - security update
DLA-1510-1	glusterfs - security update