Enterprise Linux Virtualization
Monthly
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.