On 6/11/18, 5:21 PM, "[log in to unmask] on behalf of Akemi Yagi" <[log in to unmask] on behalf of [log in to unmask]> wrote:

    On Mon, Jun 11, 2018 at 2:15 PM, Kraus, Dave (GE Healthcare)
    <[log in to unmask]> wrote:
    > We seem to be missing at least a couple glusterfs package updates in SL compared to TUV’s security update notification.
    >
    > From what I can tell, at least the last couple updates for 6 and 7 have not come through from SL for either the clients or the server sides:
    >
    > For CVE-2018-1088:
    >    RHSA-2018:1136 (for SL7)
    >    RHSA-2018:1137 (for SL6)
    >
    > For CVE-2018-1112
    >    RHSA-2018:1268 (for SL6)
    >    RHSA-2018:1269 (for SL7)
    >
    > Might want to take a look and see what's going on (or tell me why I'm mistaken, which is more likely...).
    
    glusterfs-3.8.4-53.el7 is the latest version available through the
    regular channel. The newer versions you referenced are available from
    the RH channel "rh-gluster-3-client-for-rhel-7-server-rpms" but the
    source code is not available through git.centos.org.
    
    You can install and use a newer release of the glusterfs packages
    maintained by the CentOS Storage SIG. The details are here:
    
    https://wiki.centos.org/SpecialInterestGroup/Storage/gluster-Quickstart
    
    Akemi
    
In theory there is a glusterfs-3.8.4-54.9 source package available for Red Hat Enterprise Linux Server 6 x86_64. Not sure if SL is pulling from Server or not at this point. (https://access.redhat.com/errata/RHSA-2018:1268 under the Updated Packages tab.)

As I notice, it's in the Server tree. Was just wondering if it got missed somehow.