Your message dated Wed, 25 Apr 2018 15:51:56 +0000
with message-id <e1fbmi4-0002nj...@fasolo.debian.org>
and subject line Bug#896128: fixed in glusterfs 4.0.2-1
has caused the Debian Bug report #896128,
regarding glusterfs: CVE-2018-1088 privilege escalation flaw
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
896128: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896128
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: glusterfs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for glusterfs.

CVE-2018-1088[0]:
| A privilege escalation flaw was found in gluster 3.x snapshot
| scheduler. Any gluster client allowed to mount gluster volumes could
| also mount shared gluster storage volume and escalate privileges by
| scheduling malicious cronjob via symlink.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1088
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1088

Please adjust the affected versions in the BTS as needed.

Regards,

Markus



--- End Message ---
--- Begin Message ---
Source: glusterfs
Source-Version: 4.0.2-1

We believe that the bug you reported is fixed in the latest version of
glusterfs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 896...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi <pmatth...@debian.org> (supplier of updated glusterfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 25 Apr 2018 15:27:23 +0200
Source: glusterfs
Binary: glusterfs-client glusterfs-server glusterfs-common
Architecture: source amd64
Version: 4.0.2-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <pmatth...@debian.org>
Changed-By: Patrick Matthäi <pmatth...@debian.org>
Description:
 glusterfs-client - clustered file-system (client package)
 glusterfs-common - GlusterFS common libraries and translator modules
 glusterfs-server - clustered file-system (server package)
Closes: 895666 896128
Changes:
 glusterfs (4.0.2-1) unstable; urgency=high
 .
   * New upstream release.
     - Fixes privilege escalation flaw in snapshot scheduler, described in
       CVE-2018-1088.
       Closes: #896128
   * Bump Standards-Version to 4.1.4.
   * Fix systemd unit file installation.
     Closes: #895666

--- End Message ---
