diff options
author | security tracker role <sectracker@soriano.debian.org> | 2021-11-02 08:10:14 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2021-11-02 08:10:14 +0000 |
commit | 26747145b62d7bbc3a5f0aeec37f300e8a525d6f (patch) | |
tree | e722bba432397b9f4fd514cb6b3d104e692be020 /data/CVE/list.2018 | |
parent | a91577c46a30c6d586aed6e46a9192c907d8cb36 (diff) |
automatic update
Diffstat (limited to 'data/CVE/list.2018')
-rw-r--r-- | data/CVE/list.2018 | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index 897931f1ab..e9b9a6a98f 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -17563,13 +17563,14 @@ CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327 NOTE: https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578 CVE-2018-14661 (It was found that usage of snprintf function in feature/locks translat ...) - {DLA-1565-1} + {DLA-2806-1 DLA-1565-1} - glusterfs 5.1-1 (bug #912997) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880 NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/ NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127 CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 ...) + {DLA-2806-1} - glusterfs 5.1-1 (bug #912997) [jessie] - glusterfs <not-affected> (vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 @@ -17577,7 +17578,7 @@ CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and NOTE: https://review.gluster.org/#/c/glusterfs/+/21531/ NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=c2c70552188ee1b15bb748b4f2272062505c7696 CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...) - {DLA-1565-1} + {DLA-2806-1 DLA-1565-1} - glusterfs 5.1-1 (bug #912997) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929 @@ -17595,6 +17596,7 @@ CVE-2018-14656 (A missing address check in the callers of the show_opcodes() in CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. Wh ...) NOT-FOR-US: Keycloak CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse o ...) + {DLA-2806-1} - glusterfs 5.1-1 (bug #912997) [jessie] - glusterfs <not-affected> (vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 @@ -17603,7 +17605,7 @@ CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to a NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=5f4ae8a80543332a2e92dfa5c7f833ae7b93a664 (release-4.1) NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=dc775c4ae052d1e9d0f61ace3be999f73f0ffa23 (release-5) CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...) - {DLA-1565-1} + {DLA-2806-1 DLA-1565-1} - glusterfs 5.1-1 (bug #912997) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431 @@ -17612,7 +17614,7 @@ CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulne NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=d3ec5f5a089edb68206b5d4a469358867340d4f7 NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2712fbd38477e736f157c9dbfbbae9c253b6c13 CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...) - {DLA-1565-1} + {DLA-2806-1 DLA-1565-1} - glusterfs 5.0-1 (bug #912997) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974 @@ -27571,31 +27573,31 @@ CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its C - cobbler <removed> NOTE: https://www.openwall.com/lists/oss-security/2018/08/09/9 CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ser ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ser ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by glus ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e @@ -27617,7 +27619,7 @@ CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client NOTE: Introduced by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=51dfc9c789b8405f595a337eade938aedcb449c4 NOTE: https://review.gluster.org/20723 CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create fi ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659 NOTE: https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e @@ -27657,19 +27659,19 @@ CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL clien NOTE: Fixed in 9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5 NOTE: https://www.postgresql.org/about/news/1878/ CVE-2018-10914 (It was found that an attacker could issue a xattr request via glusterf ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617 NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs se ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618 NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop i ...) NOT-FOR-US: Keycloak CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657 NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d @@ -27684,11 +27686,11 @@ CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state be NOTE: gnome-bluetooth: https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89 NOTE: workaround in gnome-bluetooth landed in 3.28.2, BlueZ fixed in 5.51 CVE-2018-10909 - RESERVED + REJECTED CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on untr ...) - vdsm <itp> (bug #668538) CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack bas ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642 NOTE: https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7 @@ -27701,7 +27703,7 @@ CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount i CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper secur ...) NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file pat ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298 NOTE: https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd @@ -28005,6 +28007,7 @@ CVE-2018-10843 (source-to-image component of Openshift Container Platform before CVE-2018-10842 REJECTED CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...) + {DLA-2806-1} - glusterfs 4.1.2-1 (bug #901968) [jessie] - glusterfs <not-affected> (vulnerable code not present) NOTE: https://review.gluster.org/#/c/20328/ @@ -41682,7 +41685,7 @@ CVE-2018-5741 (To provide fine-grained controls over the ability to use Dynamic NOTE: No code fix provided; Incorrect documentation of krb5-subdomain and ms-subdomain update policies. NOTE: Will be adressed in 9.11.5, 9.12.3 CVE-2018-5740 ("deny-answer-aliases" is a little-used feature intended to help recurs ...) - {DLA-1485-1} + {DLA-2807-1 DLA-1485-1} - bind9 1:9.11.4.P1+dfsg-1 (bug #905743) NOTE: https://kb.isc.org/article/AA-01639/74/CVE-2018-5740 NOTE: https://gitlab.isc.org/isc-projects/bind9/merge_requests/607/commits @@ -52832,6 +52835,7 @@ CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not pr [stretch] - 389-ds-base <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2018/05/07/2 CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot schedule ...) + {DLA-2806-1} - glusterfs 4.0.2-1 (bug #896128) [jessie] - glusterfs <not-affected> (vulnerable code not present) [wheezy] - glusterfs <not-affected> (vulnerable code not present) |