Bug#880017: glusterfs: CVE-2017-15096: Null pointer dereference
On 06.11.2017 at 17:41, Salvatore Bonaccorso wrote:
> Control: reopen -1
> Control: found -1 3.12.1-1
> Control: found -1 3.12.2-1
>
> Hi Patrick,
>
> On Sat, Oct 28, 2017 at 02:40:08PM +0200, Salvatore Bonaccorso wrote:
>> Source: glusterfs
>> Version: 3.12.1-1
>> Severity: important
>> Tags: patch security upstream
>> Forwarded: https://bugzilla.redhat.com/show_bug.cgi?id=1502928
>>
>> Hi,
>>
>> the following vulnerability was published for glusterfs.
>>
>> CVE-2017-15096[0]:
>> | A flaw was found in GlusterFS in versions prior to 3.10. A null
>> | pointer dereference in send_brick_req function in
>> | glusterfsd/src/gf_attach.c may be used to cause denial of service.
>>
>> If you fix the vulnerability please also make sure to include the
>> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>>
>> For further information see:
>>
>> [0] https://security-tracker.debian.org/tracker/CVE-2017-15096
>>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15096
>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1502928
>> [2]
>> http://git.gluster.org/cgit/glusterfs.git/commit/?id=1f48d17fee0cac95648ec34d13f038b27ef5c6ac
> The patch is missing to be applied though in the 3.12.2-1 version
> marking the bug as fixing. Thus reopening. The issue has only
> been fixed after the v3.12.2 release in release-3.12.

Thanks for pointing me on this fault :/
I have uploaded a fixed package with the patch included now

>
> Regards,
> Salvatore

--
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: http://www.linux-dev.org/
E-Mail: pmatth...@debian.org
        patr...@linux-dev.org
*/

Bug#880017: glusterfs: CVE-2017-15096: Null pointer dereference
Control: reopen -1
Control: found -1 3.12.1-1
Control: found -1 3.12.2-1

Hi Patrick,

On Sat, Oct 28, 2017 at 02:40:08PM +0200, Salvatore Bonaccorso wrote:
> Source: glusterfs
> Version: 3.12.1-1
> Severity: important
> Tags: patch security upstream
> Forwarded: https://bugzilla.redhat.com/show_bug.cgi?id=1502928
>
> Hi,
>
> the following vulnerability was published for glusterfs.
>
> CVE-2017-15096[0]:
> | A flaw was found in GlusterFS in versions prior to 3.10. A null
> | pointer dereference in send_brick_req function in
> | glusterfsd/src/gf_attach.c may be used to cause denial of service.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-15096
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15096
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1502928
> [2]
> http://git.gluster.org/cgit/glusterfs.git/commit/?id=1f48d17fee0cac95648ec34d13f038b27ef5c6ac

The patch is missing to be applied though in the 3.12.2-1 version
marking the bug as fixing. Thus reopening. The issue has only
been fixed after the v3.12.2 release in release-3.12.

Regards,
Salvatore

Bug#880017: glusterfs: CVE-2017-15096: Null pointer dereference
Source: glusterfs
Version: 3.12.1-1
Severity: important
Tags: patch security upstream
Forwarded: https://bugzilla.redhat.com/show_bug.cgi?id=1502928

Hi,

the following vulnerability was published for glusterfs.

CVE-2017-15096[0]:
| A flaw was found in GlusterFS in versions prior to 3.10. A null
| pointer dereference in send_brick_req function in
| glusterfsd/src/gf_attach.c may be used to cause denial of service.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15096
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15096
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1502928
[2] http://git.gluster.org/cgit/glusterfs.git/commit/?id=1f48d17fee0cac95648ec34d13f038b27ef5c6ac

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore