USN-6157-1: GlusterFS vulnerability
12 June 2023
GlusterFS could be made to crash if it received a specially crafted request.
Releases
Packages
- glusterfs - clustered file-system
Details
Tao Lyu discovered that GlusterFS did not properly handle certain event
notifications. An attacker could possibly use this issue to cause a denial
of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04
-
glusterfs-client
-
10.3-4ubuntu0.1
-
glusterfs-common
-
10.3-4ubuntu0.1
-
glusterfs-server
-
10.3-4ubuntu0.1
Ubuntu 22.10
-
glusterfs-client
-
10.2-1ubuntu0.1
-
glusterfs-common
-
10.2-1ubuntu0.1
-
glusterfs-server
-
10.2-1ubuntu0.1
Ubuntu 22.04
-
glusterfs-client
-
10.1-1ubuntu0.1
-
glusterfs-common
-
10.1-1ubuntu0.1
-
glusterfs-server
-
10.1-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5989-1: glusterfs-client, glusterfs, glusterfs-server, glusterfs-common