Headline
Ubuntu Security Notice USN-5989-1
Ubuntu Security Notice 5989-1 - Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service.
==========================================================================
Ubuntu Security Notice USN-5989-1
March 30, 2023

glusterfs vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

GlusterFS could be made to crash if it received a specially
crafted request.

Software Description:
- glusterfs: clustered file-system

Details:

Tao Lyu discovered that GlusterFS did not properly handle certain
event notifications. An attacker could possibly use this issue to
cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  glusterfs-client 3.7.6-1ubuntu1+esm2
  glusterfs-common 3.7.6-1ubuntu1+esm2
  glusterfs-server 3.7.6-1ubuntu1+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5989-1
  CVE-2023-26253
Related news
Ubuntu Security Notice USN-6157-1
Ubuntu Security Notice 6157-1 - Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service.
CVE-2023-26253: AddressSanitizer: stack-buffer-overflow in notify at glusterfs/xlators/mount/fuse/src/fuse-bridge.c · Issue #3954 · gluster/glusterfs
In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.