Summary: | <sys-cluster/glusterfs-4.1.8: Multiple vulnerabilities (CVE-2018-14651, CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Vlad K. <vk-gentoo-bugs> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | cluster, hydrapolic |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2018/10/31/5 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=653070 https://bugs.gentoo.org/show_bug.cgi?id=658700 https://bugs.gentoo.org/show_bug.cgi?id=658606 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | =sys-cluster/glusterfs-4.1.8 | ||
Runtime testing required: | Yes |
Bug Depends on: | |||
Bug Blocks: | 658606, 664336 |
Description
Vlad K.
2018-11-01 13:49:00 UTC
Maintainers please confirm but this looks like it was picked for 4.1.6. Appropriate fixes:

CVE-2018-14651: https://review.gluster.org/#/c/glusterfs/+/21589/
CVE-2018-14652: https://review.gluster.org/#/c/glusterfs/+/21535/
CVE-2018-14653: https://review.gluster.org/#/c/glusterfs/+/21614/
CVE-2018-14654: https://review.gluster.org/#/c/glusterfs/+/21559/
CVE-2018-14659: https://review.gluster.org/#/c/glusterfs/+/21590/
CVE-2018-14660: https://review.gluster.org/#/c/glusterfs/+/21603/
CVE-2018-14661: https://review.gluster.org/#/c/glusterfs/+/21532/

(In reply to Yury German from comment #1)
> Maintainers please confirm but this looks like it was picked for 4.1.6.
> Appropriate fixes:
>
> CVE-2018-14651: https://review.gluster.org/#/c/glusterfs/+/21589/
> CVE-2018-14652: https://review.gluster.org/#/c/glusterfs/+/21535/
> CVE-2018-14653: https://review.gluster.org/#/c/glusterfs/+/21614/
> CVE-2018-14654: https://review.gluster.org/#/c/glusterfs/+/21559/
> CVE-2018-14659: https://review.gluster.org/#/c/glusterfs/+/21590/
> CVE-2018-14660: https://review.gluster.org/#/c/glusterfs/+/21603/
> CVE-2018-14661: https://review.gluster.org/#/c/glusterfs/+/21532/

Agreed. Latest version is 4.1.8 with additional fixes as well.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ad0e566365b914c27b06a36e7a26209c957511c

commit 7ad0e566365b914c27b06a36e7a26209c957511c
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-03-28 20:40:20 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-03-28 20:43:19 +0000

sys-cluster/glusterfs: bump to fix outstanding security issues

* This bump addresses multiple CVEs that have been fixed upstream

Bug: https://bugs.gentoo.org/658606
Bug: https://bugs.gentoo.org/664336
Bug: https://bugs.gentoo.org/670088
Signed-off-by: Aaron Bauman <bman@gentoo.org>

sys-cluster/glusterfs/Manifest | 1 +
sys-cluster/glusterfs/glusterfs-4.1.8.ebuild | 226 +++++++++++++++++++++++++++
2 files changed, 227 insertions(+)

@arches, please stabilize.

amd64 stable

This issue was resolved and addressed in GLSA 201904-06 at https://security.gentoo.org/glsa/201904-06 by GLSA coordinator Aaron Bauman (b-man).

re-opened for final arches and cleanup.

ppc64 stable

ppc stable

Only x86 arch left and I can drop vulnerable 4.1.5 from tree, all the rest I dropped already

x86 stable. Maintainer(s), please cleanup.

cleanup done