[Bugs] [Bug 1625095] CVE-2018-10930 glusterfs: Files can be renamed outside volume
bugzilla at redhat.com
bugzilla at redhat.com
Wed Sep 5 09:24:13 UTC 2018
https://bugzilla.redhat.com/show_bug.cgi?id=1625095
Worker Ant <bugzilla-bot at gluster.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|POST |MODIFIED
--- Comment #2 from Worker Ant <bugzilla-bot at gluster.org> ---
COMMIT: https://review.gluster.org/21068 committed in master by "Amar Tumballi"
<amarts at redhat.com> with a commit message- server-protocol: don't allow '../'
path in 'name'
This will prevent any arbitrary file creation through glusterfs
by modifying the client bits.
Also check for the similar flaw inside posix too, so we prevent any
changes in layers in-between.
Fixes: bz#1625095
Signed-off-by: Amar Tumballi <amarts at redhat.com>
Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NAfplngLuG&a=cc_unsubscribe
More information about the Bugs
mailing list