Updated Gluster Releases


 



The Gluster community has released an out-of-normal-cadence release for Gluster 3.12 and 4.1 that resolves a CVE [1]. A privilege escalation flaw was found.


GlusterFS is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use the gluster CLI with the --remote-host command to add itself to the trusted storage pool and perform privileged gluster operations like adding other machines to the trusted storage pool and starting, stopping, and deleting volumes.

Installing the updated packages and restarting gluster services on gluster brick hosts will help prevent the security issue.

Further information can be found at NVD[2].


Our recommendation is to upgrade to these new releases:

https://download.gluster.org/pub/gluster/glusterfs/3.12/3.12.11/

https://download.gluster.org/pub/gluster/glusterfs/4.0/4.1.1/


[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10841

[2] https://nvd.nist.gov/vuln/detail/CVE-2018-10841




--
Amye Scavarda | amye@xxxxxxxxxx | Gluster Community Lead
_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
https://lists.gluster.org/mailman/listinfo/gluster-users
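
One way to check brick hosts against the fixed releases named in the announcement above, as an added example that is not part of the original message or of the Gluster project's code. The function names are hypothetical, and it assumes the first line of `glusterfs --version` has the form `glusterfs X.Y.Z`; release series other than 3.12 and 4.1 are reported as not covered because the announcement does not address them.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Fixed releases are taken from
# the announcement: 3.12.11 for the 3.12 series, 4.1.1 for the 4.1 series.

# Read `glusterfs --version` output on stdin and print the X.Y.Z version.
# Assumption: the first line looks like "glusterfs 3.12.11".
parse_gluster_version() {
    awk 'NR == 1 && $1 == "glusterfs" { print $2 }'
}

# Print patched | needs-update | not-covered | invalid for a version string.
gluster_fix_status() {
    ver=$1
    # Reject anything that is not digits separated by single dots.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver          # split into MAJOR MINOR PATCH
    IFS=$old_ifs
    if [ $# -ne 3 ]; then echo invalid; return 0; fi
    case "$1.$2" in
        3.12) fixed=11 ;;
        4.1)  fixed=1 ;;
        *)    echo not-covered; return 0 ;;   # series not named in the announcement
    esac
    if [ "$3" -ge "$fixed" ]; then echo patched; else echo needs-update; fi
}

# On a brick host: report the status of the installed package, if any.
if command -v glusterfs >/dev/null 2>&1; then
    installed=$(glusterfs --version 2>/dev/null | parse_gluster_version)
    echo "glusterfs ${installed:-unknown}: $(gluster_fix_status "$installed")"
fi
```

A `patched` result only reflects the installed package version; it does not show that the gluster services were restarted afterwards, which the announcement also calls for.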
