Bug#880017: marked as done (glusterfs: CVE-2017-15096: Null pointer dereference)

Debian Bug Tracking System Tue, 07 Nov 2017 02:09:38 -0800

Your message dated Tue, 07 Nov 2017 10:05:13 +0000
with message-id <[email protected]>
and subject line Bug#880017: fixed in glusterfs 3.12.2-2
has caused the Debian Bug report #880017,
regarding glusterfs: CVE-2017-15096: Null pointer dereference
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
880017: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880017
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: glusterfs
Version: 3.12.1-1
Severity: important
Tags: patch security upstream
Forwarded: https://bugzilla.redhat.com/show_bug.cgi?id=1502928

Hi,

the following vulnerability was published for glusterfs.

CVE-2017-15096[0]:
| A flaw was found in GlusterFS in versions prior to 3.10. A null
| pointer dereference in send_brick_req function in
| glusterfsd/src/gf_attach.c may be used to cause denial of service.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15096
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15096
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1502928
[2] 
http://git.gluster.org/cgit/glusterfs.git/commit/?id=1f48d17fee0cac95648ec34d13f038b27ef5c6ac

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: glusterfs
Source-Version: 3.12.2-2

We believe that the bug you reported is fixed in the latest version of
glusterfs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi <[email protected]> (supplier of updated glusterfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 Nov 2017 09:27:58 +0100
Source: glusterfs
Binary: glusterfs-client glusterfs-server glusterfs-common
Architecture: source amd64
Version: 3.12.2-2
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <[email protected]>
Changed-By: Patrick Matthäi <[email protected]>
Description:
 glusterfs-client - clustered file-system (client package)
 glusterfs-common - GlusterFS common libraries and translator modules
 glusterfs-server - clustered file-system (server package)
Closes: 880017
Changes:
 glusterfs (3.12.2-2) unstable; urgency=high
 .
   * Add patch 03-CVE-2017-15096 to realy fix CVE-2017-15096 now.
     Closes: #880017
Checksums-Sha1:
 cd414b86672a6c47605350b0c8ce8066dba2a283 2215 glusterfs_3.12.2-2.dsc
 9d9c7fcd19e380729e857f3b9a2ed67c28d7e89c 16760 glusterfs_3.12.2-2.debian.tar.xz
 358fc4f7c8616361535c214242954c4fda112e83 32704 
glusterfs-client-dbgsym_3.12.2-2_amd64.deb
 b51ada4b0645b2aa5971c70c0d6183e1a2e492f7 4335168 
glusterfs-client_3.12.2-2_amd64.deb
 0468b21cd5d77f885249af5b8fc899050ca39bc1 13426504 
glusterfs-common-dbgsym_3.12.2-2_amd64.deb
 2472b4529287a97a33d3e992c3a5bb53ef661f9c 7327364 
glusterfs-common_3.12.2-2_amd64.deb
 72220a28326d90f8c80853fcceb73c7fc2bf3893 618160 
glusterfs-server-dbgsym_3.12.2-2_amd64.deb
 19fc26e8c3efd6ac5a9fa461c8798536592d0f1b 4499648 
glusterfs-server_3.12.2-2_amd64.deb
 63bc8e565cadf10783e837acb5b44fe98c343bbb 9907 
glusterfs_3.12.2-2_amd64.buildinfo
Checksums-Sha256:
 27063f41dea0e84ffe4c339c885011854b4c90247c11d30ff82b155ada8b3912 2215 
glusterfs_3.12.2-2.dsc
 df1c8ecc356deeb40069875124ad9d8c9e898d76a78e26513d39cb968476450a 16760 
glusterfs_3.12.2-2.debian.tar.xz
 d35824fec7d49352cf3bac32892cd46765be1091cc339cd6cdaab80b1b1d9ee7 32704 
glusterfs-client-dbgsym_3.12.2-2_amd64.deb
 c84bd4fc5105c855563fe4f931fb981a02e23f634233d3f6c5e00c3fbd26a258 4335168 
glusterfs-client_3.12.2-2_amd64.deb
 a8d62a3e5f9008ed6ad94a1b7c2fc47edc96b1869e41b009d9e279ac405fcb1c 13426504 
glusterfs-common-dbgsym_3.12.2-2_amd64.deb
 7efa052c083f5f5000269f1e8270c2d4dd2c2f8e44747da514d626e930609f20 7327364 
glusterfs-common_3.12.2-2_amd64.deb
 7f3d15cc29dca86f6b8a81892974ca91bbb072ebc8e8be9bcc0b5610c371d102 618160 
glusterfs-server-dbgsym_3.12.2-2_amd64.deb
 fd0b6badf0a47720a1f71ad2ad3457e3f5ab2ab672cffd6748db26b4d2091f9c 4499648 
glusterfs-server_3.12.2-2_amd64.deb
 1b463ea4abe9c9513a34ee1f6df9fd968c5809739d0a880b53014f112e4b1b3c 9907 
glusterfs_3.12.2-2_amd64.buildinfo
Files:
 868cf6295f5c295287c73a262cce52b2 2215 admin optional glusterfs_3.12.2-2.dsc
 50b1233d1d2c013acf6423ee89263775 16760 admin optional 
glusterfs_3.12.2-2.debian.tar.xz
 baa343945e6213159be21f221187930e 32704 debug optional 
glusterfs-client-dbgsym_3.12.2-2_amd64.deb
 4aa741631e08f55972a8eb86a6312dc0 4335168 admin optional 
glusterfs-client_3.12.2-2_amd64.deb
 d25158cb845ed93f76c8ed97420ccc03 13426504 debug optional 
glusterfs-common-dbgsym_3.12.2-2_amd64.deb
 5fcaf0a4cfbd8b7ebeed6fbbb26d6c98 7327364 admin optional 
glusterfs-common_3.12.2-2_amd64.deb
 2b4d4e4a239bf66f40f4fb5f6c864096 618160 debug optional 
glusterfs-server-dbgsym_3.12.2-2_amd64.deb
 6cb4a9c22194882066553150518f821a 4499648 admin optional 
glusterfs-server_3.12.2-2_amd64.deb
 ab191bbda125cdd4e69c74f772a7c6ba 9907 admin optional 
glusterfs_3.12.2-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAloBf+gACgkQEtmwSpDL
2OSIyg//Qor+mU9xfZcKz0zhVG0b81kLvUDqTMFfUax7OfwxEaAgwmZ7AEZONcOO
CTIzHEPbnUFsj5p1nYaCNbcNT7BdEmVgmE6BUK/ViKEEaU1ER6KPRt0HqDfbdESM
ej0yVpAfl5gNqO+WIZVWCQRaPHiO3r4uiT5TaIR7GVcFk0I5dEXJYvj0W0zudn0B
3vdWCP9xtCLKMGZ9YzDUM9jkI3MWs+xa5KUHKwe/Hfh66S8/OV1bAcz2XLwRen2y
vAIFMt9xWAmqDw4MszC86J+gSSXK3o+lGmVG5YhdYpC7FhAF0STWMTkoccvoXAqA
gfLBg2cA/QjALPSAuluaSmB+kCxMKLiETTrH14iLQJPDtydJ6QLYHI9xL+PDPOyq
Yyq69ptt4xW+wFwMW31nsrgPmb0CgXavD+Z/4dEyaM+cw9FmH+CRTZgNVXtqbtoH
LhIBUcOJV46Znq0J9Opg476JsoIkWMi0GAXWOwPSZJEM3wYy0ms6E06kL1XqCwAg
i3tmGiXlwshJKHCT5/cmCbEB7u00bOcha1viUBsWpTRHg5yWPRBYOK3IMgExKZP0
CByHh+YK2yeeNdoKPJ0PVsyyeoWaGt6szhyCzZhcbxyWs2yiPOd9a/SmGmW3BE3l
LpqbwzXenftH9q3ogkCQN3W105MznULnip0rJg/aHuJ7zqCSG80=
=5NWS
-----END PGP SIGNATURE-----

--- End Message ---

Bug#880017: marked as done (glusterfs: CVE-2017-15096: Null pointer dereference)

Reply via email to