Bugzilla – Bug 919879
VUL-0: CVE-2014-3619: glusterfs: fragment header infinite loop DoS
Last modified: 2015-03-27 20:54:36 UTC
rh#1138145

A denial of service flaw was found in the way the __socket_proto_state_machine() function of glusterfs processed certain fragment headers. A remote attacker could send a specially crafted fragment header that, when processed, would cause the glusterfs process to enter an infinite loop.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1138145
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3619
This is an autogenerated message for OBS integration: This bug (919879) was mentioned in https://build.opensuse.org/request/show/288068 13.1 / glusterfs
bugbot adjusting priority
openSUSE-SU-2015:0473-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 919879
CVE References: CVE-2014-3619
Sources used:
openSUSE 13.1 (src): glusterfs-3.4.0~qa9-2.4.1
Hello, the patch is missing from the 13.2 package and applies there. If glusterfs 3.5.2 in openSUSE 13.2 is affected, could you please submit an update?
This is an autogenerated message for OBS integration: This bug (919879) was mentioned in https://build.opensuse.org/request/show/290294 13.2 / glusterfs
openSUSE-SU-2015:0528-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 919879
CVE References: CVE-2014-3619
Sources used:
openSUSE 13.2 (src): glusterfs-3.5.2-2.4.1
Update was sent out.