RHEL 7 : Red Hat Gluster Storage (RHSA-2018:2607)

high Nessus Plugin ID 117317

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2607 advisory.

GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system.

Security Fix(es):

* glusterfs: Unsanitized file names in debug/io-stats translator can allow remote attackers to execute arbitrary code (CVE-2018-10904)

* glusterfs: Stack-based buffer overflow in server-rpc-fops.c allows remote attackers to execute arbitrary code (CVE-2018-10907)

* glusterfs: I/O to arbitrary devices on storage server (CVE-2018-10923)

* glusterfs: Device files can be created in arbitrary locations (CVE-2018-10926)

* glusterfs: File status information leak and denial of service (CVE-2018-10927)

* glusterfs: Improper resolution of symlinks allows for privilege escalation (CVE-2018-10928)

* glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code (CVE-2018-10929)

* glusterfs: Files can be renamed outside volume (CVE-2018-10930)

* glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory (CVE-2018-10911)

* glusterfs: remote denial of service of gluster volumes via posix_get_file_contents function in posix-helpers.c (CVE-2018-10914)

* glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c (CVE-2018-10913)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting these issues.

Additional Changes:

These updated glusterfs packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:

https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/3.4/html/3.4_release_notes/

All users of Red Hat Gluster Storage are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?305566fc

http://www.nessus.org/u?677e7926

https://access.redhat.com/errata/RHSA-2018:2607

https://access.redhat.com/security/updates/classification/#important

Plugin Details

Severity: High

ID: 117317

File Name: redhat-RHSA-2018-2607.nasl

Version: 1.9

Type: local

Agent: unix

Published: 9/6/2018

Updated: 11/5/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2018-10929

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:glusterfs-cli, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:glusterfs-ganesha, p-cpe:/a:redhat:enterprise_linux:glusterfs-libs, p-cpe:/a:redhat:enterprise_linux:glusterfs-api-devel, p-cpe:/a:redhat:enterprise_linux:glusterfs-devel, p-cpe:/a:redhat:enterprise_linux:glusterfs-fuse, p-cpe:/a:redhat:enterprise_linux:glusterfs-rdma, p-cpe:/a:redhat:enterprise_linux:python2-gluster, p-cpe:/a:redhat:enterprise_linux:redhat-release-server, p-cpe:/a:redhat:enterprise_linux:redhat-storage-server, p-cpe:/a:redhat:enterprise_linux:glusterfs-api, p-cpe:/a:redhat:enterprise_linux:glusterfs, p-cpe:/a:redhat:enterprise_linux:glusterfs-geo-replication, p-cpe:/a:redhat:enterprise_linux:glusterfs-server, p-cpe:/a:redhat:enterprise_linux:glusterfs-events, p-cpe:/a:redhat:enterprise_linux:glusterfs-resource-agents, p-cpe:/a:redhat:enterprise_linux:glusterfs-client-xlators

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 1/7/2019

Vulnerability Publication Date: 9/4/2018

Reference Information

CVE: CVE-2018-10904, CVE-2018-10907, CVE-2018-10911, CVE-2018-10913, CVE-2018-10914, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930

CWE: 121, 20, 200, 209, 426, 476, 59

RHSA: 2018:2607