Advisories » MGASA-2015-0145

Updated glusterfs packages fix security vulnerabilities

Publication date: 15 Apr 2015
Modification date: 15 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-3619

Description

Updated glusterfs packages fix security vulnerability:

glusterfs was vulnerable to a fragment header infinite loop denial of service
attack (CVE-2014-3619).

Also, the glusterfsd SysV init script was failing to properly start the
service.  This was fixed by replacing it with systemd unit files for the
service that work properly (mga#14049).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15473
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00031.html
• https://bugs.mageia.org/show_bug.cgi?id=14049
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3619

SRPMS

4/core

• glusterfs-3.4.1-1.2.mga4