Wind River Support Network

HomeDefectsLIN10-4740

Fixed

LIN10-4740 : Security Advisory - glusterfs - CVE-2018-10907

Created: Sep 17, 2018 Updated: Dec 24, 2018

Resolved Date: Oct 15, 2018

Found In Version: 10.17.41.1

Fix Version: 10.17.41.12

Severity: Standard

Applicable for: Wind River Linux LTS 17

Component/s: Userspace

Description

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.

https://nvd.nist.gov/vuln/detail/CVE-2018-10907

Other Downloads

Wind River Linux LTS 10.17.41.12
Wind River Linux LTS 10.17.41.13
Wind River Linux LTS 10.17.41.14
Wind River Linux LTS 10.17.41.15
Wind River Linux LTS 10.17.41.16
Wind River Linux LTS 10.17.41.17
Wind River Linux LTS 10.17.41.18
Wind River Linux LTS 10.17.41.20
Wind River Linux LTS 10.17.41.21
Wind River Linux LTS 10.17.41.22
Wind River Linux LTS 10.17.41.23
Wind River Linux LTS 10.17.41.24
Wind River Linux LTS 10.17.41.25
Wind River Linux LTS 10.17.41.26
Wind River Linux LTS 10.17.41.27

CVEs

CVE-2018-10907