Detections
Analytics
Debian DLA-2806-1 : glusterfs - LTS security update
high Nessus Plugin ID 154881
Language:
Synopsis
The remote Debian host is missing one or more security-related updates.Description
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2806 advisory.Multiple security vulnerabilities were discovered in GlusterFS, a clustered file system. Buffer overflows and path traversal issues may lead to information disclosure, denial-of-service or the execution of arbitrary code. For Debian 9 stretch, these problems have been fixed in version 3.8.8-1+deb9u1. We recommend that you upgrade your glusterfs packages. For the detailed security status of glusterfs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glusterfs Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Tenable has extracted the preceding description block directly from the Debian security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade the glusterfs packages.For Debian 9 stretch, these problems have been fixed in version 3.8.8-1+deb9u1.
See Also
https://security-tracker.debian.org/tracker/CVE-2018-14661
https://packages.debian.org/source/stretch/glusterfs
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909215
https://security-tracker.debian.org/tracker/source-package/glusterfs
https://www.debian.org/lts/security/2021/dla-2806
https://security-tracker.debian.org/tracker/CVE-2018-10841
https://security-tracker.debian.org/tracker/CVE-2018-1088
https://security-tracker.debian.org/tracker/CVE-2018-10904
https://security-tracker.debian.org/tracker/CVE-2018-10907
https://security-tracker.debian.org/tracker/CVE-2018-10911
https://security-tracker.debian.org/tracker/CVE-2018-10913
https://security-tracker.debian.org/tracker/CVE-2018-10914
https://security-tracker.debian.org/tracker/CVE-2018-10923
https://security-tracker.debian.org/tracker/CVE-2018-10926
https://security-tracker.debian.org/tracker/CVE-2018-10927
https://security-tracker.debian.org/tracker/CVE-2018-10928
https://security-tracker.debian.org/tracker/CVE-2018-10929
https://security-tracker.debian.org/tracker/CVE-2018-10930
https://security-tracker.debian.org/tracker/CVE-2018-14652
https://security-tracker.debian.org/tracker/CVE-2018-14653
https://security-tracker.debian.org/tracker/CVE-2018-14654
Plugin Details
Severity: High
ID: 154881
File Name: debian_DLA-2806.nasl
Version: 1.4
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 11/3/2021
Updated: 1/24/2025
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 8.5
Temporal Score: 6.3
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:C
CVSS Score Source: CVE-2018-14654
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2018-14653
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:glusterfs-dbg, p-cpe:/a:debian:debian_linux:glusterfs-common, cpe:/o:debian:debian_linux:9.0, p-cpe:/a:debian:debian_linux:glusterfs-client, p-cpe:/a:debian:debian_linux:glusterfs-server
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 11/2/2021
Vulnerability Publication Date: 4/18/2018
Reference Information
CVE: CVE-2018-10841, CVE-2018-1088, CVE-2018-10904, CVE-2018-10907, CVE-2018-10911, CVE-2018-10913, CVE-2018-10914, CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660, CVE-2018-14661