[Gluster-users] Heketi v5.0.1 security release available for download
obnox at samba.org
Mon Dec 18 17:10:29 UTC 2017
Heketi v5.0.1 is now available.
This release fixes a flaw that was found in the heketi API that
permits issuing of OS commands through specially crafted
requests, possibly leading to escalation of privileges. More
details can be obtained at CVE-2017-15103.
If authentication is turned "on" in the heketi configuration, the
flaw can be exploited only by those who possess the authentication
key. In case you have a deployment without authentication set to
true, we recommend that you turn it on and also upgrade to
a version with the fix.
We thank Markus Krell of NTT Security for identifying
the vulnerability and notifying us about it.
The fix was provided by Raghavendra Talur of Red Hat.
Note that previous versions of Heketi are discontinued
and users are strongly recommended to upgrade to Heketi 5.0.1.
Michael Adam on behalf of the Heketi team