Synopsis:          Moderate: glusterfs security, bug fix, and 
Advisory ID:       SLSA-2018:2892-1
Issue Date:        2018-10-09
CVE Numbers:       CVE-2018-10911
--

The glusterfs packages have been upgraded to upstream version 3.12.2,
which provides a number of bug fixes over the previous version.

Security Fix(es):

* glusterfs: Improper deserialization in dict.c:dict_unserialize() can
allow attackers to read arbitrary memory (CVE-2018-10911)
--

SL6
  x86_64
    glusterfs-3.12.2-18.el6.x86_64.rpm
    glusterfs-api-3.12.2-18.el6.x86_64.rpm
    glusterfs-client-xlators-3.12.2-18.el6.x86_64.rpm
    glusterfs-debuginfo-3.12.2-18.el6.x86_64.rpm
    glusterfs-fuse-3.12.2-18.el6.x86_64.rpm
    glusterfs-libs-3.12.2-18.el6.x86_64.rpm
    glusterfs-api-devel-3.12.2-18.el6.x86_64.rpm
    glusterfs-cli-3.12.2-18.el6.x86_64.rpm
    glusterfs-devel-3.12.2-18.el6.x86_64.rpm
    glusterfs-rdma-3.12.2-18.el6.x86_64.rpm

- Scientific Linux Development Team