Bug 1625286
Summary: | CVE-2018-10913 glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c | ||
---|---|---|---|
Product: | [Community] GlusterFS | Reporter: | Amar Tumballi <atumball> |
Component: | posix | Assignee: | bugs <bugs> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 3.12 | CC: | anoopcs, bugs, extras-qa, humble.devassy, jonathansteffan, kkeithle, matthias, ndevos, ramkrsna, sisharma |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | glusterfs-3.12.14 | Doc Type: | Release Note |
Doc Text: | Story Points: | --- | |
Clone Of: | 1625102 | Environment: | |
Last Closed: | 2018-09-14 08:30:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1625074, 1625102 | ||
Bug Blocks: | 1607618 |
Description
Amar Tumballi
2018-09-04 14:49:01 UTC
REVIEW: https://review.gluster.org/21080 (posix: remove not supported get/set content) posted (#1) for review on release-3.12 by Amar Tumballi COMMIT: https://review.gluster.org/21080 committed in release-3.12 by "Amar Tumballi" <amarts> with a commit message- posix: remove not supported get/set content getting and setting a file's content using extended attribute worked great as a GET/PUT alternative when an object storage is supported on top of Gluster. But it needs application changes, and also, it skips some caching layers. It is not used over years, and not supported any more. Remove the dead code. Fixes: bz#1625286 Change-Id: Ide3b3f1f644f6ca58558bbe45561f346f96b95b7 BUG: 1625286 Signed-off-by: Amar Tumballi <amarts> This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.12.14, please open a new bug report. glusterfs-3.12.14 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution. [1] https://lists.gluster.org/pipermail/announce/2018-September/000112.html [2] https://www.gluster.org/pipermail/gluster-users/ |