UbuntuUpdates.org

Package "glusterfs-cli"

Name: glusterfs-cli

Description:

clustered file-system (cli package)

Latest version: 10.1-1ubuntu0.2
Release: jammy (22.04)
Level: updates
Repository: main
Head package: glusterfs
Homepage: https://www.gluster.org/

Links


Download "glusterfs-cli"


Other versions of "glusterfs-cli" in Jammy

Repository Area Version
security main 10.1-1ubuntu0.2

Changelog

Version: 10.1-1ubuntu0.2 2023-11-22 18:07:45 UTC

  glusterfs (10.1-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: dht_setxattr_mds_cbk use-after-free
    - debian/patches/CVE-2022-48340.patch: use switch instead of using if
      statement in xlators/cluster/dht/src/dht-common.c.
    - CVE-2022-48340

 -- Marc Deslauriers <email address hidden> Wed, 01 Nov 2023 12:24:40 -0400

Source diff to previous version
CVE-2022-48340 In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.

Version: 10.1-1ubuntu0.1 2023-06-12 17:07:00 UTC

  glusterfs (10.1-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: notify stack-based buffer over-read
    - debian/patches/09-CVE-2023-26253.diff: access the graph->id only
      while an event is associated specifically to fuse xlator in
      xlators/mount/fuse/src/fuse-bridge.c.
    - CVE-2023-26253

 -- Marc Deslauriers <email address hidden> Wed, 07 Jun 2023 11:14:00 -0400

CVE-2023-26253 In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.



About   -   Send Feedback to @ubuntu_updates