ALAS2-2023-2071

Amazon Linux 2 Security Advisory: ALAS-2023-2071
Advisory Release Date: 2023-06-05 16:39 Pacific
Advisory Updated Date: 2023-06-07 22:38 Pacific

Severity: Important

References: CVE-2023-26253
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. (CVE-2023-26253)

Affected Packages:

glusterfs

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update glusterfs to update your system.

New Packages:

aarch64:
    glusterfs-3.12.2-18.amzn2.0.2.aarch64
    glusterfs-api-3.12.2-18.amzn2.0.2.aarch64
    glusterfs-api-devel-3.12.2-18.amzn2.0.2.aarch64
    glusterfs-cli-3.12.2-18.amzn2.0.2.aarch64
    glusterfs-devel-3.12.2-18.amzn2.0.2.aarch64
    glusterfs-fuse-3.12.2-18.amzn2.0.2.aarch64
    glusterfs-libs-3.12.2-18.amzn2.0.2.aarch64
    python2-gluster-3.12.2-18.amzn2.0.2.aarch64
    glusterfs-rdma-3.12.2-18.amzn2.0.2.aarch64
    glusterfs-client-xlators-3.12.2-18.amzn2.0.2.aarch64
    glusterfs-debuginfo-3.12.2-18.amzn2.0.2.aarch64

i686:
    glusterfs-3.12.2-18.amzn2.0.2.i686
    glusterfs-api-3.12.2-18.amzn2.0.2.i686
    glusterfs-api-devel-3.12.2-18.amzn2.0.2.i686
    glusterfs-cli-3.12.2-18.amzn2.0.2.i686
    glusterfs-devel-3.12.2-18.amzn2.0.2.i686
    glusterfs-fuse-3.12.2-18.amzn2.0.2.i686
    glusterfs-libs-3.12.2-18.amzn2.0.2.i686
    python2-gluster-3.12.2-18.amzn2.0.2.i686
    glusterfs-rdma-3.12.2-18.amzn2.0.2.i686
    glusterfs-client-xlators-3.12.2-18.amzn2.0.2.i686
    glusterfs-debuginfo-3.12.2-18.amzn2.0.2.i686

src:
    glusterfs-3.12.2-18.amzn2.0.2.src

x86_64:
    glusterfs-3.12.2-18.amzn2.0.2.x86_64
    glusterfs-api-3.12.2-18.amzn2.0.2.x86_64
    glusterfs-api-devel-3.12.2-18.amzn2.0.2.x86_64
    glusterfs-cli-3.12.2-18.amzn2.0.2.x86_64
    glusterfs-devel-3.12.2-18.amzn2.0.2.x86_64
    glusterfs-fuse-3.12.2-18.amzn2.0.2.x86_64
    glusterfs-libs-3.12.2-18.amzn2.0.2.x86_64
    python2-gluster-3.12.2-18.amzn2.0.2.x86_64
    glusterfs-rdma-3.12.2-18.amzn2.0.2.x86_64
    glusterfs-client-xlators-3.12.2-18.amzn2.0.2.x86_64
    glusterfs-debuginfo-3.12.2-18.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2023-26253

Mitre: CVE-2023-26253

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2-2023-2071

Additional References