=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:0484-01
Product:           Red Hat Gluster Storage
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0484.html
Issue date:        2017-03-23
CVE Names:         CVE-2015-1795
=====================================================================

1. Summary:

An update is now available for Red Hat Gluster Storage 3.2 on Red Hat
Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Gluster Storage Server 3.2 on RHEL-6 - noarch, x86_64
Red Hat Storage Native Client for Red Hat Enterprise Linux 6 - noarch, x86_64

3. Description:

Red Hat Gluster Storage is a software-only scale-out storage solution that
provides flexible and affordable unstructured data storage. It unifies data
storage and infrastructure, increases performance, and improves availability
and manageability to meet enterprise-level storage challenges.

The following packages have been upgraded to a later upstream version:
glusterfs (3.8.4), redhat-storage-server (3.2.0.3). (BZ#1362373)

Security Fix(es):

* It was found that the glusterfs-server RPM package would write a file with
a predictable name into the world-readable /tmp directory. A local attacker
could potentially use this flaw to escalate their privileges to root by
modifying the shell script during the installation of the glusterfs-server
package. (CVE-2015-1795)

This issue was discovered by Florian Weimer of Red Hat Product Security.
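The scriptlet pattern behind CVE-2015-1795 and a safer replacement, as an added example that is not Red Hat's %pretrans script; the helper file name, directory template and helper contents are constructed for illustration:

```shell
#!/bin/sh
# Added example: a privileged install scriptlet that stages a helper script on disk.
# Names and helper body are constructed; nothing here is from the glusterfs package.

HELPER_BODY='#!/bin/sh
echo "pretrans helper running"'

# Unsafe pattern: a fixed, guessable path under the shared /tmp directory. Any local
# user can create that name (or a symlink) ahead of time, so root then writes to, and
# later executes, content it does not control.
unsafe_write_helper() {
    path="${TMPDIR:-/tmp}/glusterfs-pretrans-helper.sh"   # predictable name (constructed)
    printf '%s\n' "$HELPER_BODY" > "$path" || return 1
    printf '%s\n' "$path"
}

# Safer pattern: mktemp -d creates a uniquely named, mode-0700 directory using O_EXCL,
# so a pre-planted file or symlink cannot be followed; the helper lives inside it.
safe_write_helper() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/glusterfs-pretrans.XXXXXX") || return 1
    # Refuse to continue if the private directory is not a real directory we own.
    [ -d "$dir" ] && [ ! -L "$dir" ] && [ -O "$dir" ] || return 1
    path="$dir/helper.sh"
    ( umask 077; printf '%s\n' "$HELPER_BODY" > "$path" ) || return 1
    printf '%s\n' "$path"
}

# Pre-execution check for a path a privileged scriptlet is about to run: it must be a
# regular file, not a symlink, owned by the caller, and not writable by group/others.
helper_is_trustworthy() {
    p=$1
    [ -f "$p" ] && [ ! -L "$p" ] && [ -O "$p" ] || return 1
    mode=$(stat -c '%a' "$p" 2>/dev/null || stat -f '%Lp' "$p" 2>/dev/null) || return 1
    case "$mode" in
        *[2367]?|*[2367]) return 1 ;;   # group or other write bit is set
    esac
    return 0
}
```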
Bug Fix(es):

* Bricks remain stopped if server quorum is no longer met, or if server
quorum is disabled, to ensure that bricks in maintenance are not started
incorrectly. (BZ#1340995)

* The metadata cache translator has been updated to improve Red Hat Gluster
Storage performance when reading small files. (BZ#1427783)

* The 'gluster volume add-brick' command is no longer allowed when the
replica count has increased and any replica bricks are unavailable.
(BZ#1404989)

* Split-brain resolution commands work regardless of whether client-side
heal or the self-heal daemon are enabled. (BZ#1403840)

Enhancement(s):

* Red Hat Gluster Storage now provides Transport Layer Security support for
Samba and NFS-Ganesha. (BZ#1340608, BZ#1371475)

* A new reset-sync-time option enables resetting the sync time attribute to
zero when required. (BZ#1205162)

* Tiering demotions are now triggered at most 5 seconds after a hi-watermark
breach event. Administrators can use the cluster.tier-query-limit volume
parameter to specify the number of records extracted from the heat database
during demotion. (BZ#1361759)

* The /var/log/glusterfs/etc-glusterfs-glusterd.vol.log file is now named
/var/log/glusterfs/glusterd.log. (BZ#1306120)

* The 'gluster volume attach-tier/detach-tier' commands are considered
deprecated in favor of the new commands, 'gluster volume tier VOLNAME
attach/detach'. (BZ#1388464)

* The HA_VOL_SERVER parameter in the ganesha-ha.conf file is no longer used
by Red Hat Gluster Storage. (BZ#1348954)

* The volfile server role can now be passed to another server when a server
is unavailable. (BZ#1351949)

* Ports can now be reused when they stop being used by another service.
(BZ#1263090)

* The thread pool limit for the rebalance process is now dynamic, and is
determined based on the number of available cores. (BZ#1352805)

* Brick verification at reboot now uses UUID instead of brick path.
(BZ#1336267)

* LOGIN_NAME_MAX is now used as the maximum length for the slave user
instead of __POSIX_LOGIN_NAME_MAX, allowing for up to 256 characters
including the NULL byte. (BZ#1400365)

* The client identifier is now included in the log message to make it easier
to determine which client failed to connect. (BZ#1333885)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1200927 - CVE-2015-1795 glusterfs: glusterfs-server %pretrans rpm script temporary file issue
1362373 - [RHEL6] Rebase glusterfs at RHGS-3.2.0 release
1375059 - [RHEL-6] Include vdsm and related dependency packages at RHGS 3.2.0 ISO
1382319 - [RHEL6] SELinux prevents FUSE mounting of RDMA transport type volumes
1403587 - [Perf] : pcs cluster resources went into stopped state during Multithreaded perf tests on RHGS layered over RHEL 6
1403919 - [Ganesha] : pcs status is not the same across the ganesha cluster in RHEL 6 environment
1404551 - Lower version of packages subscription-manager, python-rhsm found in RHGS3.2 RHEL6 ISO.
1424944 - [Ganesha] : Unable to bring up a Ganesha HA cluster on RHEL 6.9.
1425748 - [GANESHA] Adding a node to existing ganesha cluster is failing on rhel 6.9
1432972 - /etc/pki/product/69.pem shows version as 6.8 for RHGS3.2.0(6.9)

6.
Package List:

Red Hat Gluster Storage Server 3.2 on RHEL-6:

Source:
glusterfs-3.8.4-18.el6rhs.src.rpm
redhat-storage-server-3.2.0.3-1.el6rhs.src.rpm

noarch:
python-gluster-3.8.4-18.el6rhs.noarch.rpm
redhat-storage-server-3.2.0.3-1.el6rhs.noarch.rpm

x86_64:
glusterfs-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-api-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-api-devel-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-cli-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-client-xlators-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-debuginfo-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-devel-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-events-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-fuse-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-ganesha-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-geo-replication-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-libs-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-rdma-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-server-3.8.4-18.el6rhs.x86_64.rpm

Red Hat Storage Native Client for Red Hat Enterprise Linux 6:

Source:
glusterfs-3.8.4-18.el6.src.rpm

noarch:
python-gluster-3.8.4-18.el6.noarch.rpm

x86_64:
glusterfs-3.8.4-18.el6.x86_64.rpm
glusterfs-api-3.8.4-18.el6.x86_64.rpm
glusterfs-api-devel-3.8.4-18.el6.x86_64.rpm
glusterfs-cli-3.8.4-18.el6.x86_64.rpm
glusterfs-client-xlators-3.8.4-18.el6.x86_64.rpm
glusterfs-debuginfo-3.8.4-18.el6.x86_64.rpm
glusterfs-devel-3.8.4-18.el6.x86_64.rpm
glusterfs-fuse-3.8.4-18.el6.x86_64.rpm
glusterfs-libs-3.8.4-18.el6.x86_64.rpm
glusterfs-rdma-3.8.4-18.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1795
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.2/html/3.2_release_notes/

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce