UbuntuUpdates.org

Package "glusterfs"

Name: glusterfs

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • clustered file-system (cli package)
  • clustered file-system (client package)
  • GlusterFS common libraries and translator modules
  • clustered file-system (server package)
Latest version: 10.3-4ubuntu0.2
Release: lunar (23.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "glusterfs" in Lunar

Repository Area Version
base main 10.3-4
security main 10.3-4ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 10.3-4ubuntu0.2 2023-11-22 18:07:54 UTC

  glusterfs (10.3-4ubuntu0.2) lunar-security; urgency=medium

  * SECURITY UPDATE: dht_setxattr_mds_cbk use-after-free
    - debian/patches/CVE-2022-48340.patch: use switch instead of using if
      statement in xlators/cluster/dht/src/dht-common.c.
    - CVE-2022-48340

 -- Marc Deslauriers <email address hidden> Wed, 01 Nov 2023 12:24:18 -0400
Source diff to previous version
CVE-2022-48340 In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.

Version: 10.3-4ubuntu0.1 2023-06-12 17:07:04 UTC

  glusterfs (10.3-4ubuntu0.1) lunar-security; urgency=medium

  * SECURITY UPDATE: notify stack-based buffer over-read
    - debian/patches/09-CVE-2023-26253.diff: access the graph->id only
      while an event is associated specifically to fuse xlator in
      xlators/mount/fuse/src/fuse-bridge.c.
    - CVE-2023-26253

 -- Marc Deslauriers <email address hidden> Wed, 07 Jun 2023 11:05:12 -0400
CVE-2023-26253 In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.


About   -   Send Feedback to @ubuntu_updates