ALAS2-2018-1128


Amazon Linux 2 Security Advisory: ALAS-2018-1128
Advisory Release Date: 2018-12-19 17:40 Pacific
Severity: Medium
References: CVE-2018-10911 

Issue Overview:

A flaw was found in the dict.c:dict_unserialize function of glusterfs: dict_unserialize does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. (CVE-2018-10911)
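
The class of bug described above, seen from the defender's side in an added example (not glusterfs code and not part of the advisory): a parser for a constructed length-prefixed key/value record that rejects negative and oversized lengths before using them as offsets. The record layout and the names `parse_pair`, `read_len` and `struct pair` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed, simplified record (an assumption for illustration, not the
 * glusterfs wire format): [be32 keylen][be32 vallen][key bytes][value bytes] */
struct pair { const uint8_t *key, *val; size_t keylen, vallen; };

/* Read a 32-bit big-endian length; reject values a signed int32 would see
 * as negative (sign bit set). */
static int read_len(const uint8_t *p, size_t *out)
{
    uint32_t u = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    if (u > INT32_MAX)
        return -1;
    *out = u;
    return 0;
}

/* Returns 0 and fills *out on success, -1 on a malformed record. */
int parse_pair(const uint8_t *buf, size_t size, struct pair *out)
{
    size_t keylen, vallen, remaining;
    if (size < 8 || read_len(buf, &keylen) || read_len(buf + 4, &vallen))
        return -1;
    remaining = size - 8;
    /* Unsigned compare, written so the sum keylen + vallen cannot wrap. */
    if (keylen > remaining || vallen > remaining - keylen)
        return -1;
    out->key = buf + 8;
    out->keylen = keylen;
    out->val = buf + 8 + keylen;   /* value starts after the key, never before */
    out->vallen = vallen;
    return 0;
}

/* Constructed sample inputs. */
static const uint8_t good[]     = {0,0,0,1, 0,0,0,2, 'k', 'h','i'};
static const uint8_t neg_key[]  = {0xFF,0xFF,0xFF,0xFF, 0,0,0,2, 'k', 'h','i'};
static const uint8_t too_long[] = {0,0,0,9, 0,0,0,1, 'k', 'v'};

int main(void)
{
    struct pair p;
    printf("good=%d neg_key=%d too_long=%d\n",
           parse_pair(good, sizeof good, &p),
           parse_pair(neg_key, sizeof neg_key, &p),
           parse_pair(too_long, sizeof too_long, &p));
    return 0;
}
```

A check that only compares a signed length against the remaining size accepts a negative value, because the negative number is always smaller; that is why the sign is tested before any bounds comparison here.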


Affected Packages:

glusterfs


Issue Correction:
Run yum update glusterfs to update your system.

New Packages:
aarch64:
    glusterfs-3.12.2-18.amzn2.aarch64
    glusterfs-api-3.12.2-18.amzn2.aarch64
    glusterfs-api-devel-3.12.2-18.amzn2.aarch64
    glusterfs-cli-3.12.2-18.amzn2.aarch64
    glusterfs-devel-3.12.2-18.amzn2.aarch64
    glusterfs-fuse-3.12.2-18.amzn2.aarch64
    glusterfs-libs-3.12.2-18.amzn2.aarch64
    python2-gluster-3.12.2-18.amzn2.aarch64
    glusterfs-rdma-3.12.2-18.amzn2.aarch64
    glusterfs-client-xlators-3.12.2-18.amzn2.aarch64
    glusterfs-debuginfo-3.12.2-18.amzn2.aarch64

i686:
    glusterfs-3.12.2-18.amzn2.i686
    glusterfs-api-3.12.2-18.amzn2.i686
    glusterfs-api-devel-3.12.2-18.amzn2.i686
    glusterfs-cli-3.12.2-18.amzn2.i686
    glusterfs-devel-3.12.2-18.amzn2.i686
    glusterfs-fuse-3.12.2-18.amzn2.i686
    glusterfs-libs-3.12.2-18.amzn2.i686
    python2-gluster-3.12.2-18.amzn2.i686
    glusterfs-rdma-3.12.2-18.amzn2.i686
    glusterfs-client-xlators-3.12.2-18.amzn2.i686
    glusterfs-debuginfo-3.12.2-18.amzn2.i686

src:
    glusterfs-3.12.2-18.amzn2.src

x86_64:
    glusterfs-3.12.2-18.amzn2.x86_64
    glusterfs-api-3.12.2-18.amzn2.x86_64
    glusterfs-api-devel-3.12.2-18.amzn2.x86_64
    glusterfs-cli-3.12.2-18.amzn2.x86_64
    glusterfs-devel-3.12.2-18.amzn2.x86_64
    glusterfs-fuse-3.12.2-18.amzn2.x86_64
    glusterfs-libs-3.12.2-18.amzn2.x86_64
    python2-gluster-3.12.2-18.amzn2.x86_64
    glusterfs-rdma-3.12.2-18.amzn2.x86_64
    glusterfs-client-xlators-3.12.2-18.amzn2.x86_64
    glusterfs-debuginfo-3.12.2-18.amzn2.x86_64