ALT-PU-2018-1732-1
Package glusterfs3 updated to version 3.12.9-alt0.M80P.1 for branch p8 in task 206538.
Closed vulnerabilities
Published: 2018-04-18
BDU:2021-04142
Уязвимость функции gluster_shared_storage платформы хранения для физических, виртуальных и облачных сред gluster, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (8.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-04-18
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-1088
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
Severity: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2020:0079
- openSUSE-SU-2020:0079
- RHSA-2018:1136
- RHSA-2018:1136
- RHSA-2018:1137
- RHSA-2018:1137
- RHSA-2018:1275
- RHSA-2018:1275
- RHSA-2018:1524
- RHSA-2018:1524
- https://bugzilla.redhat.com/show_bug.cgi?id=1558721
- https://bugzilla.redhat.com/show_bug.cgi?id=1558721
- [debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update
- [debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update
- GLSA-201904-06
- GLSA-201904-06