ALT-PU-2018-1730-1
Package glusterfs3 updated to version 3.12.9-alt1 for branch sisyphus in task 206535.
Closed vulnerabilities
Published: 2018-04-18
BDU:2021-04142
Уязвимость функции gluster_shared_storage платформы хранения для физических, виртуальных и облачных сред gluster, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (8.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-04-18
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-1088
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
Severity: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2020:0079
- openSUSE-SU-2020:0079
- RHSA-2018:1136
- RHSA-2018:1136
- RHSA-2018:1137
- RHSA-2018:1137
- RHSA-2018:1275
- RHSA-2018:1275
- RHSA-2018:1524
- RHSA-2018:1524
- https://bugzilla.redhat.com/show_bug.cgi?id=1558721
- https://bugzilla.redhat.com/show_bug.cgi?id=1558721
- [debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update
- [debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update
- GLSA-201904-06
- GLSA-201904-06