USN-5989-1: GlusterFS vulnerability
30 March 2023
GlusterFS could be made to crash if it received a specially crafted request.
Releases
Packages
- glusterfs - clustered file-system
Details
Tao Lyu discovered that GlusterFS did not properly handle certain
event notifications. An attacker could possibly use this issue to
cause a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
glusterfs-client
-
3.7.6-1ubuntu1+esm2
Available with Ubuntu Pro
-
glusterfs-server
-
3.7.6-1ubuntu1+esm2
Available with Ubuntu Pro
-
glusterfs-common
-
3.7.6-1ubuntu1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6157-1: libgfapi0, glusterfs-server, libgfchangelog0, libglusterfs0, libgfrpc0, glusterfs-client, libgfxdr0, libglusterd0, libglusterfs-dev, glusterfs-common, glusterfs, glusterfs-cli