path: root/data/CVE/list.2018
author: security tracker role <sectracker@soriano.debian.org> 2021-11-02 08:10:14 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-11-02 08:10:14 +0000
commit: 26747145b62d7bbc3a5f0aeec37f300e8a525d6f
tree: e722bba432397b9f4fd514cb6b3d104e692be020 /data/CVE/list.2018
parent: a91577c46a30c6d586aed6e46a9192c907d8cb36
automatic update
Diffstat (limited to 'data/CVE/list.2018')
-rw-r--r-- data/CVE/list.2018 38
1 files changed, 21 insertions, 17 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index 897931f1ab..e9b9a6a98f 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -17563,13 +17563,14 @@ CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327
NOTE: https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578
CVE-2018-14661 (It was found that usage of snprintf function in feature/locks translat ...)
- {DLA-1565-1}
+ {DLA-2806-1 DLA-1565-1}
- glusterfs 5.1-1 (bug #912997)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880
NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127
CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 ...)
+ {DLA-2806-1}
- glusterfs 5.1-1 (bug #912997)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
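Review bot: CVE-2018-14660 receives {DLA-2806-1} as its first and only advisory reference, while the entry's sole release-tagged line still reads "[jessie] - glusterfs <not-affected> (vulnerable code not present)". Nothing in the entry says which suite DLA-2806-1 fixes, so a reader cannot reconcile the two lines from this file alone. Since the tag is machine-added, check that the advisory's own record lists CVE-2018-14660, so the cross-reference is not one-sided.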
@@ -17577,7 +17578,7 @@ CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and
NOTE: https://review.gluster.org/#/c/glusterfs/+/21531/
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=c2c70552188ee1b15bb748b4f2272062505c7696
CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...)
- {DLA-1565-1}
+ {DLA-2806-1 DLA-1565-1}
- glusterfs 5.1-1 (bug #912997)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
@@ -17595,6 +17596,7 @@ CVE-2018-14656 (A missing address check in the callers of the show_opcodes() in
CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. Wh ...)
NOT-FOR-US: Keycloak
CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse o ...)
+ {DLA-2806-1}
- glusterfs 5.1-1 (bug #912997)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
@@ -17603,7 +17605,7 @@ CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to a
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=5f4ae8a80543332a2e92dfa5c7f833ae7b93a664 (release-4.1)
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=dc775c4ae052d1e9d0f61ace3be999f73f0ffa23 (release-5)
CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...)
- {DLA-1565-1}
+ {DLA-2806-1 DLA-1565-1}
- glusterfs 5.1-1 (bug #912997)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431
@@ -17612,7 +17614,7 @@ CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulne
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=d3ec5f5a089edb68206b5d4a469358867340d4f7
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2712fbd38477e736f157c9dbfbbae9c253b6c13
CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...)
- {DLA-1565-1}
+ {DLA-2806-1 DLA-1565-1}
- glusterfs 5.0-1 (bug #912997)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
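Review bot: The context line under CVE-2018-14652 records the fix as "glusterfs 5.0-1 (bug #912997)", whereas CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660 and CVE-2018-14661 cite the same bug with 5.1-1. The DLA tag added here is fine on its own, but the version mismatch is worth confirming against the package changelog while the entry is being touched, and correcting in a follow-up if 5.0-1 is a typo.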
@@ -27571,31 +27573,31 @@ CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its C
- cobbler <removed>
NOTE: https://www.openwall.com/lists/oss-security/2018/08/09/9
CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ser ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ser ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by glus ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
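Review bot: CVE-2018-14651 is the gap here. The NOTE retained on CVE-2018-10927 through CVE-2018-10930 says a fix must be complete so as not to open CVE-2018-14651, yet no hunk in this diff touches CVE-2018-14651, even though the neighbouring CVE-2018-14652 to CVE-2018-14661 entries are tagged with DLA-2806-1. Confirm that the advisory's backport includes the follow-up fix, and that CVE-2018-14651 is either covered by DLA-2806-1 or carries an explicit per-release status, so these tags do not overstate what was fixed.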
@@ -27617,7 +27619,7 @@ CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client
NOTE: Introduced by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=51dfc9c789b8405f595a337eade938aedcb449c4
NOTE: https://review.gluster.org/20723
CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create fi ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659
NOTE: https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e
@@ -27657,19 +27659,19 @@ CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL clien
NOTE: Fixed in 9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5
NOTE: https://www.postgresql.org/about/news/1878/
CVE-2018-10914 (It was found that an attacker could issue a xattr request via glusterf ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617
NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs se ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618
NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop i ...)
NOT-FOR-US: Keycloak
CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657
NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d
@@ -27684,11 +27686,11 @@ CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state be
NOTE: gnome-bluetooth: https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89
NOTE: workaround in gnome-bluetooth landed in 3.28.2, BlueZ fixed in 5.51
CVE-2018-10909
- RESERVED
+ REJECTED
CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on untr ...)
- vdsm <itp> (bug #668538)
CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack bas ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642
NOTE: https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7
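Review bot: The CVE-2018-10909 change from RESERVED to REJECTED is a status sync unrelated to the DLA cross-references that make up the rest of this diff, and the commit message "automatic update" does not distinguish the two. For auditability, the automation could name the sources it merged in the message (for example, the advisory IDs and the upstream CVE feed sync), or commit the status sync separately from the advisory tagging.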
@@ -27701,7 +27703,7 @@ CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount i
CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper secur ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file pat ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298
NOTE: https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd
@@ -28005,6 +28007,7 @@ CVE-2018-10843 (source-to-image component of Openshift Container Platform before
CVE-2018-10842
REJECTED
CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...)
+ {DLA-2806-1}
- glusterfs 4.1.2-1 (bug #901968)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://review.gluster.org/#/c/20328/
@@ -41682,7 +41685,7 @@ CVE-2018-5741 (To provide fine-grained controls over the ability to use Dynamic
NOTE: No code fix provided; Incorrect documentation of krb5-subdomain and ms-subdomain update policies.
NOTE: Will be adressed in 9.11.5, 9.12.3
CVE-2018-5740 ("deny-answer-aliases" is a little-used feature intended to help recurs ...)
- {DLA-1485-1}
+ {DLA-2807-1 DLA-1485-1}
- bind9 1:9.11.4.P1+dfsg-1 (bug #905743)
NOTE: https://kb.isc.org/article/AA-01639/74/CVE-2018-5740
NOTE: https://gitlab.isc.org/isc-projects/bind9/merge_requests/607/commits
@@ -52832,6 +52835,7 @@ CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not pr
[stretch] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2018/05/07/2
CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot schedule ...)
+ {DLA-2806-1}
- glusterfs 4.0.2-1 (bug #896128)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
[wheezy] - glusterfs <not-affected> (vulnerable code not present)
