Your message dated Wed, 25 Apr 2018 15:51:56 +0000
with message-id <[email protected]>
and subject line Bug#896128: fixed in glusterfs 4.0.2-1
has caused the Debian Bug report #896128,
regarding glusterfs: CVE-2018-1088 privilege escalation flaw
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
896128: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896128
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: glusterfs
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security
Hi,
The following vulnerability was published for glusterfs.
CVE-2018-1088[0]:
| A privilege escalation flaw was found in gluster 3.x snapshot
| scheduler. Any gluster client allowed to mount gluster volumes could
| also mount shared gluster storage volume and escalate privileges by
| scheduling malicious cronjob via symlink.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-1088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1088
Please adjust the affected versions in the BTS as needed.
Regards,
Markus
--- End Message ---
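The CVE text above describes a root-run cron entry that is a symlink into storage a client can write to. The following audit for that condition is an added example, not code from Debian or GlusterFS; the directory names, file names and the trusted-roots list are constructed assumptions.

```python
import os
import stat
import tempfile


def audit_cron_symlinks(cron_dir, trusted_roots):
    """Report symlinked cron entries as (name, resolved_target, reasons).

    An entry is reported when its target is missing, resolves outside every
    trusted root, or lives in a directory that group/other can write to.
    """
    roots = [os.path.realpath(r) for r in trusted_roots]
    findings = []
    for name in sorted(os.listdir(cron_dir)):
        path = os.path.join(cron_dir, name)
        if not os.path.islink(path):
            continue  # regular files are covered by ordinary permission checks
        target = os.path.realpath(path)  # follow the whole link chain
        reasons = []
        if not os.path.exists(target):
            reasons.append("dangling")
        if not any(os.path.commonpath([target, r]) == r for r in roots):
            reasons.append("outside-trusted-roots")
        parent = os.path.dirname(target)
        if os.path.isdir(parent) and os.stat(parent).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append("parent-writable-by-non-owner")
        if reasons:
            findings.append((name, target, reasons))
    return findings


def demo():
    """Constructed layout: a safe link, a link into shared storage, a stale link."""
    base = tempfile.mkdtemp()
    cron, local, shared = (os.path.join(base, d) for d in ("cron.d", "local", "shared"))
    for d in (cron, local, shared):
        os.mkdir(d, 0o755)
    os.chmod(shared, 0o777)  # stands in for storage any client can mount and write
    for f in (os.path.join(local, "rotate"), os.path.join(shared, "snap_tasks"),
              os.path.join(cron, "plain")):
        with open(f, "w") as fh:
            fh.write("# constructed sample\n")
    os.symlink(os.path.join(local, "rotate"), os.path.join(cron, "ok"))
    os.symlink(os.path.join(shared, "snap_tasks"), os.path.join(cron, "snap_tasks"))
    os.symlink(os.path.join(local, "missing"), os.path.join(cron, "stale"))
    return audit_cron_symlinks(cron, [local])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```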
--- Begin Message ---
Source: glusterfs
Source-Version: 4.0.2-1
We believe that the bug you reported is fixed in the latest version of
glusterfs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Matthäi <[email protected]> (supplier of updated glusterfs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 25 Apr 2018 15:27:23 +0200
Source: glusterfs
Binary: glusterfs-client glusterfs-server glusterfs-common
Architecture: source amd64
Version: 4.0.2-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <[email protected]>
Changed-By: Patrick Matthäi <[email protected]>
Description:
glusterfs-client - clustered file-system (client package)
glusterfs-common - GlusterFS common libraries and translator modules
glusterfs-server - clustered file-system (server package)
Closes: 895666 896128
Changes:
glusterfs (4.0.2-1) unstable; urgency=high
.
* New upstream release.
- Fixes privilege escalation flaw in snapshot scheduler, described in
CVE-2018-1088.
Closes: #896128
* Bump Standards-Version to 4.1.4.
* Fix systemd unit file installation.
Closes: #895666
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---