[RHSA-2017:0484-01] Moderate: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
bugzilla at redhat.com
Thu Mar 23 07:24:18 UTC 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
Advisory ID: RHSA-2017:0484-01
Product: Red Hat Gluster Storage
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0484.html
Issue date: 2017-03-23
CVE Names: CVE-2015-1795
=====================================================================
1. Summary:
An update is now available for Red Hat Gluster Storage 3.2 on Red Hat
Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Gluster Storage Server 3.2 on RHEL-6 - noarch, x86_64
Red Hat Storage Native Client for Red Hat Enterprise Linux 6 - noarch, x86_64
3. Description:
Red Hat Gluster Storage is a software-only scale-out storage solution that
provides flexible and affordable unstructured data storage. It unifies data
storage and infrastructure, increases performance, and improves
availability and manageability to meet enterprise-level storage challenges.
The following packages have been upgraded to a later upstream version:
glusterfs (3.8.4), redhat-storage-server (3.2.0.3). (BZ#1362373)
Security Fix(es):
* It was found that the glusterfs-server RPM package would write a file with
a predictable name into the world-readable /tmp directory. A local attacker
could potentially use this flaw to escalate their privileges to root by
modifying the shell script during the installation of the glusterfs-server
package. (CVE-2015-1795)
This issue was discovered by Florian Weimer of Red Hat Product Security.
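The flaw above is an instance of a well-known class: a privileged installer writes a helper to a predictable path in a shared, world-writable directory and later executes it. The following is an added example, not code from this advisory or from Red Hat's glusterfs packaging, showing the hardened pattern (a private mktemp directory plus a pre-execution ownership and permission check) that closes that window. The function names (safe_tmp_script, check_private_file, run_private_helper), the helper script body and the temp-name templates are constructed for illustration; it assumes GNU coreutils (stat -c) and a mktemp that accepts a template.

```shell
#!/bin/sh
# Added example (not code from the advisory or from Red Hat's glusterfs packaging).
# Contrasts the bug class behind CVE-2015-1795 (a helper script written to a
# predictable name under the shared /tmp directory) with the safe mktemp pattern,
# and provides a check an installer can run before executing a file as root.
# Assumes GNU coreutils (stat -c) and a mktemp that accepts a template.

# The risky pattern looks like this (kept as a comment; illustrative only):
#   cp helper.sh /tmp/some-fixed-name.sh && sh /tmp/some-fixed-name.sh
# Any local user can create or replace that path before the privileged process
# writes or runs it, because the name is known in advance.

# Hardened pattern: a private directory (mode 0700) plus mktemp, which creates
# the file with O_EXCL and mode 0600, so a pre-existing file or symlink at the
# chosen name makes creation fail instead of being silently reused.
# The body runs in a subshell so the umask change does not leak to the caller.
# Prints the path of the created script on stdout.
safe_tmp_script() (
    umask 077
    dir=$(mktemp -d "${TMPDIR:-/tmp}/rhsa-example.XXXXXX") || exit 1
    file=$(mktemp "$dir/helper.XXXXXX") || { rm -rf "$dir"; exit 1; }
    cat > "$file" <<'EOF'
#!/bin/sh
echo "running from a private temporary directory"
EOF
    chmod 0700 "$file"
    printf '%s\n' "$file"
)

# Pre-execution check: returns 0 only if the path is a regular file (not a
# symlink), owned by the current user, with no group or world permission bits.
# This is the property a privileged installer should confirm before running a
# helper it wrote earlier.
check_private_file() {
    f=$1
    [ -L "$f" ] && return 1          # refuse symlinks outright
    [ -f "$f" ] || return 1          # must be a regular file
    owner=$(stat -c '%u' "$f") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1
    case "$mode" in
        *00) return 0 ;;             # e.g. 600 or 700: owner-only access
        *)   return 1 ;;             # any group/other bits set
    esac
}

# Create the helper, verify it, run it, and clean up; returns the helper's
# exit status, or 1 if creation or the check failed.
run_private_helper() {
    script=$(safe_tmp_script) || return 1
    if check_private_file "$script"; then
        sh "$script"
        rc=$?
    else
        rc=1
    fi
    rm -rf "$(dirname "$script")"
    return "$rc"
}
```

The check is deliberately strict: a symlink is rejected before any other test, because `-f` would otherwise follow it to the attacker-controlled target, and ownership is compared against the running user rather than against root so the same function works when the installer is tested unprivileged.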
Bug Fix(es):
* Bricks remain stopped if server quorum is no longer met, or if server
quorum is disabled, to ensure that bricks in maintenance are not started
incorrectly. (BZ#1340995)
* The metadata cache translator has been updated to improve Red Hat Gluster
Storage performance when reading small files. (BZ#1427783)
* The 'gluster volume add-brick' command is no longer allowed when the
replica count has increased and any replica bricks are unavailable.
(BZ#1404989)
* Split-brain resolution commands work regardless of whether client-side
heal or the self-heal daemon are enabled. (BZ#1403840)
Enhancement(s):
* Red Hat Gluster Storage now provides Transport Layer Security support for
Samba and NFS-Ganesha. (BZ#1340608, BZ#1371475)
* A new reset-sync-time option enables resetting the sync time attribute to
zero when required. (BZ#1205162)
* Tiering demotions are now triggered at most 5 seconds after a
hi-watermark breach event. Administrators can use the
cluster.tier-query-limit volume parameter to specify the number of records
extracted from the heat database during demotion. (BZ#1361759)
* The /var/log/glusterfs/etc-glusterfs-glusterd.vol.log file is now named
/var/log/glusterfs/glusterd.log. (BZ#1306120)
* The 'gluster volume attach-tier/detach-tier' commands are considered
deprecated in favor of the new commands, 'gluster volume tier VOLNAME
attach/detach'. (BZ#1388464)
* The HA_VOL_SERVER parameter in the ganesha-ha.conf file is no longer used
by Red Hat Gluster Storage. (BZ#1348954)
* The volfile server role can now be passed to another server when a server
is unavailable. (BZ#1351949)
* Ports can now be reused when they stop being used by another service.
(BZ#1263090)
* The thread pool limit for the rebalance process is now dynamic, and is
determined based on the number of available cores. (BZ#1352805)
* Brick verification at reboot now uses UUID instead of brick path.
(BZ#1336267)
* LOGIN_NAME_MAX is now used as the maximum length for the slave user
instead of __POSIX_LOGIN_NAME_MAX, allowing for up to 256 characters
including the NULL byte. (BZ#1400365)
* The client identifier is now included in the log message to make it
easier to determine which client failed to connect. (BZ#1333885)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1200927 - CVE-2015-1795 glusterfs: glusterfs-server %pretrans rpm script temporary file issue
1362373 - [RHEL6] Rebase glusterfs at RHGS-3.2.0 release
1375059 - [RHEL-6] Include vdsm and related dependency packages at RHGS 3.2.0 ISO
1382319 - [RHEL6] SELinux prevents FUSE mounting of RDMA transport type volumes
1403587 - [Perf] : pcs cluster resources went into stopped state during Multithreaded perf tests on RHGS layered over RHEL 6
1403919 - [Ganesha] : pcs status is not the same across the ganesha cluster in RHEL 6 environment
1404551 - Lower version of packages subscription-manager, python-rhsm found in RHGS3.2 RHEL6 ISO.
1424944 - [Ganesha] : Unable to bring up a Ganesha HA cluster on RHEL 6.9.
1425748 - [GANESHA] Adding a node to existing ganesha cluster is failing on rhel 6.9
1432972 - /etc/pki/product/69.pem shows version as 6.8 for RHGS3.2.0(6.9)
6. Package List:
Red Hat Gluster Storage Server 3.2 on RHEL-6:
Source:
glusterfs-3.8.4-18.el6rhs.src.rpm
redhat-storage-server-3.2.0.3-1.el6rhs.src.rpm
noarch:
python-gluster-3.8.4-18.el6rhs.noarch.rpm
redhat-storage-server-3.2.0.3-1.el6rhs.noarch.rpm
x86_64:
glusterfs-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-api-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-api-devel-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-cli-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-client-xlators-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-debuginfo-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-devel-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-events-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-fuse-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-ganesha-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-geo-replication-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-libs-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-rdma-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-server-3.8.4-18.el6rhs.x86_64.rpm
Red Hat Storage Native Client for Red Hat Enterprise Linux 6:
Source:
glusterfs-3.8.4-18.el6.src.rpm
noarch:
python-gluster-3.8.4-18.el6.noarch.rpm
x86_64:
glusterfs-3.8.4-18.el6.x86_64.rpm
glusterfs-api-3.8.4-18.el6.x86_64.rpm
glusterfs-api-devel-3.8.4-18.el6.x86_64.rpm
glusterfs-cli-3.8.4-18.el6.x86_64.rpm
glusterfs-client-xlators-3.8.4-18.el6.x86_64.rpm
glusterfs-debuginfo-3.8.4-18.el6.x86_64.rpm
glusterfs-devel-3.8.4-18.el6.x86_64.rpm
glusterfs-fuse-3.8.4-18.el6.x86_64.rpm
glusterfs-libs-3.8.4-18.el6.x86_64.rpm
glusterfs-rdma-3.8.4-18.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-1795
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.2/html/3.2_release_notes/
8. Contact:
The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFY03feXlSAg2UNWIIRAi0IAKCAPNVKyHaPOco5w6QEeh8tB+oAfgCff5vP
dPfGgxihI4HOWaOS0LIXdPo=
=UX0C
-----END PGP SIGNATURE-----