Oval Definition:oval:org.opensuse.security:def:201810907
Revision Date:2021-06-25Version:1
Title:CVE-2018-10907
Description:

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-10907
openSUSE-SU-2020:0079-1
Mitre CVE-2018-10907
SUSE CVE-2018-10907
openSUSE-SU-2020:0079-1
Platform(s):openSUSE Leap 15.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • glusterfs-3.12.15-lp151.3.3.1 is installed
  • AND glusterfs is signed with openSUSE key
  • OR
  • glusterfs-devel-3.12.15-lp151.3.3.1 is installed
  • AND glusterfs-devel is signed with openSUSE key
  • OR
  • libgfapi0-3.12.15-lp151.3.3.1 is installed
  • AND libgfapi0 is signed with openSUSE key
  • OR
  • libgfchangelog0-3.12.15-lp151.3.3.1 is installed
  • AND libgfchangelog0 is signed with openSUSE key
  • OR
  • libgfdb0-3.12.15-lp151.3.3.1 is installed
  • AND libgfdb0 is signed with openSUSE key
  • OR
  • libgfrpc0-3.12.15-lp151.3.3.1 is installed
  • AND libgfrpc0 is signed with openSUSE key
  • OR
  • libgfxdr0-3.12.15-lp151.3.3.1 is installed
  • AND libgfxdr0 is signed with openSUSE key
  • OR
  • libglusterfs0-3.12.15-lp151.3.3.1 is installed
  • AND libglusterfs0 is signed with openSUSE key
  • OR
  • python-gluster-3.12.15-lp151.3.3.1 is installed
  • AND python-gluster is signed with openSUSE key
  • BACK