[Bugs] [Bug 1625664] CVE-2018-10930 glusterfs: Files can be renamed outside volume

bugzilla at redhat.com bugzilla at redhat.com
Thu Sep 6 15:54:45 UTC 2018


https://bugzilla.redhat.com/show_bug.cgi?id=1625664

Worker Ant <bugzilla-bot at gluster.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|POST                        |MODIFIED



--- Comment #2 from Worker Ant <bugzilla-bot at gluster.org> ---
COMMIT: https://review.gluster.org/21102 committed in release-3.12 by "jiffin
tony Thottan" <jthottan at redhat.com> with a commit message- server-protocol:
don't allow '../' path in 'name'

This will prevent any arbitrary file creation through glusterfs
by modifying the client bits.

Also check for the similar flaw inside posix too, so we prevent any
changes in layers in-between.

BUG: 1625664
Signed-off-by: Amar Tumballi <amarts at redhat.com>
Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e

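The check the commit message describes, refusing '../' in a client-supplied 'name' before the server joins it to a parent directory, sketched in C as an added example; it is not the GlusterFS patch. It goes slightly further than the message by also rejecting any '/', the names "." and "..", and embedded NUL bytes; the function names and the /bricks/vol0/dir path are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not GlusterFS code): true only if `name`, a
 * client-supplied buffer of `len` bytes, is a single directory-entry name. */
bool entry_name_is_safe(const char *name, size_t len)
{
    if (name == NULL || len == 0 || len > 255)   /* 255 = typical NAME_MAX */
        return false;
    if (memchr(name, '\0', len) != NULL)         /* embedded NUL would truncate later string ops */
        return false;
    if (memchr(name, '/', len) != NULL)          /* covers "../", "a/../b" and absolute paths */
        return false;
    if (len == 1 && name[0] == '.')
        return false;
    if (len == 2 && name[0] == '.' && name[1] == '.')
        return false;
    return true;
}

/* Hypothetical server-side step: build "<parent>/<name>" only after the check.
 * Returns 0 on success, -1 if the name is rejected or the buffer is too small. */
int build_entry_path(char *out, size_t outsz, const char *parent,
                     const char *name, size_t name_len)
{
    if (!entry_name_is_safe(name, name_len))
        return -1;
    int n = snprintf(out, outsz, "%s/%.*s", parent, (int)name_len, name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names, as a modified client might send them. */
    const char *samples[] = { "report.txt", "..", "../outside-volume", "a/../b", "..data" };
    char path[4096];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_entry_path(path, sizeof path, "/bricks/vol0/dir",
                                  samples[i], strlen(samples[i]));
        printf("%-20s -> %s\n", samples[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```

Running the same check in both the protocol layer and the storage layer, as the commit message proposes, means a request that reaches the lower layer by another route is still refused.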