{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated glusterfs packages that fix multiple security issues and bugs are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system.\n\nSecurity Fix(es):\n\n* glusterfs: glusterfs server exploitable via symlinks to relative paths (CVE-2018-14651)\n\n* glusterfs: Buffer overflow in \"features/locks\" translator allows for denial of service (CVE-2018-14652)\n\n* glusterfs: Heap-based buffer overflow via \"gf_getspec_req\" RPC message (CVE-2018-14653)\n\n* glusterfs: \"features/index\" translator can create arbitrary, empty files (CVE-2018-14654)\n\n* glusterfs: Unlimited file creation via \"GF_XATTR_IOSTATS_DUMP_KEY\" xattr allows for denial of service (CVE-2018-14659)\n\n* glusterfs: Repeat use of \"GF_META_LOCK_KEY\" xattr allows for memory exhaustion (CVE-2018-14660)\n\n* glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service (CVE-2018-14661)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting these issues.\n\nBug Fix(es):\n\n* MD5 instances are replaced with FIPS-compliant SHA256 checksums and glusterd no longer crashes when run on a FIPS enabled machine. (BZ#1459709)\n\n* The flock is unlocked specifically and the status file is updated so that the reference is not leaked to any worker or agent process. As a result of this fix, all workers come up without fail. (BZ#1623749)\n\n* All HTIME index files are checked for the specified start and end times, and the History API does not fail when multiple HTIME files exist. (BZ#1627639)\n\n* After upgrading to Red Hat Gluster Storage 3.4 from earlier versions of Red Hat Gluster Storage, the volume size displayed by the df command was smaller than the actual volume size. This has been fixed and the df command now shows the correct size for all volumes. (BZ#1630997)\n\n* The algorithm to disable the eager-lock is modified and it disables only when multiple write operations are trying to modify a file at the same time. This led to performance improvement while a write operation is performed on a file irrespective of the number of times it is opened at the same time for a read operation. (BZ#1630688)\n\n* heal-info does not consider the presence of dirty markers as an indication of split-brain and does not display these entries to be in a split-brain state. (BZ#1610743)\n\nAll users of Red Hat Gluster Storage are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:3432",
        "url": "https://access.redhat.com/errata/RHSA-2018:3432"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1610743",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610743"
      },
      {
        "category": "external",
        "summary": "1618221",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618221"
      },
      {
        "category": "external",
        "summary": "1619627",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619627"
      },
      {
        "category": "external",
        "summary": "1622649",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622649"
      },
      {
        "category": "external",
        "summary": "1623749",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623749"
      },
      {
        "category": "external",
        "summary": "1623874",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623874"
      },
      {
        "category": "external",
        "summary": "1624444",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1624444"
      },
      {
        "category": "external",
        "summary": "1625622",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625622"
      },
      {
        "category": "external",
        "summary": "1626780",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1626780"
      },
      {
        "category": "external",
        "summary": "1627098",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627098"
      },
      {
        "category": "external",
        "summary": "1627617",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627617"
      },
      {
        "category": "external",
        "summary": "1627639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627639"
      },
      {
        "category": "external",
        "summary": "1630688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630688"
      },
      {
        "category": "external",
        "summary": "1631329",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631329"
      },
      {
        "category": "external",
        "summary": "1631372",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631372"
      },
      {
        "category": "external",
        "summary": "1631576",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631576"
      },
      {
        "category": "external",
        "summary": "1632557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632557"
      },
      {
        "category": "external",
        "summary": "1632974",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632974"
      },
      {
        "category": "external",
        "summary": "1633431",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633431"
      },
      {
        "category": "external",
        "summary": "1635926",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635926"
      },
      {
        "category": "external",
        "summary": "1635929",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635929"
      },
      {
        "category": "external",
        "summary": "1636880",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636880"
      },
      {
        "category": "external",
        "summary": "1636902",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636902"
      },
      {
        "category": "external",
        "summary": "1640135",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640135"
      },
      {
        "category": "external",
        "summary": "1641489",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641489"
      },
      {
        "category": "external",
        "summary": "1641586",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641586"
      },
      {
        "category": "external",
        "summary": "1643355",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643355"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3432.json"
      }
    ],
    "title": "Red Hat Security Advisory: glusterfs security and bug fix update",
    "tracking": {
      "current_release_date": "2026-06-30T11:35:42+00:00",
      "generator": {
        "date": "2026-06-30T11:35:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.1"
        }
      },
      "id": "RHSA-2018:3432",
      "initial_release_date": "2018-10-31T08:43:27+00:00",
      "revision_history": [
        {
          "date": "2018-10-31T08:43:27+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-10-31T08:43:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-30T11:35:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Gluster Storage Server 3.4 on RHEL-7",
                "product": {
                  "name": "Red Hat Gluster Storage Server 3.4 on RHEL-7",
                  "product_id": "7Server-RH-Gluster-3.4-Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:storage:3.4:server:el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
                "product": {
                  "name": "Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
                  "product_id": "7Server-RHSClient",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:storage:3:client:el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
                "product": {
                  "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
                  "product_id": "7Server-RHEV-4-Agents-7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Gluster Storage"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-server@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-libs@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-geo-replication@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-cli@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-rdma@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-fuse@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-api-devel@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-api@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-events@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-ganesha@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-client-xlators@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-debuginfo@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python2-gluster@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
                "product": {
                  "name": "glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
                  "product_id": "glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-devel@3.12.2-25.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
                "product": {
                  "name": "glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
                  "product_id": "glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-debuginfo@3.12.2-25.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
                "product": {
                  "name": "glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
                  "product_id": "glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-client-xlators@3.12.2-25.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-cli-0:3.12.2-25.el7.x86_64",
                "product": {
                  "name": "glusterfs-cli-0:3.12.2-25.el7.x86_64",
                  "product_id": "glusterfs-cli-0:3.12.2-25.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-cli@3.12.2-25.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-libs-0:3.12.2-25.el7.x86_64",
                "product": {
                  "name": "glusterfs-libs-0:3.12.2-25.el7.x86_64",
                  "product_id": "glusterfs-libs-0:3.12.2-25.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-libs@3.12.2-25.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
                "product": {
                  "name": "glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
                  "product_id": "glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-api-devel@3.12.2-25.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-0:3.12.2-25.el7.x86_64",
                "product": {
                  "name": "glusterfs-0:3.12.2-25.el7.x86_64",
                  "product_id": "glusterfs-0:3.12.2-25.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs@3.12.2-25.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-api-0:3.12.2-25.el7.x86_64",
                "product": {
                  "name": "glusterfs-api-0:3.12.2-25.el7.x86_64",
                  "product_id": "glusterfs-api-0:3.12.2-25.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-api@3.12.2-25.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-gluster-0:3.12.2-25.el7.x86_64",
                "product": {
                  "name": "python2-gluster-0:3.12.2-25.el7.x86_64",
                  "product_id": "python2-gluster-0:3.12.2-25.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python2-gluster@3.12.2-25.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-fuse-0:3.12.2-25.el7.x86_64",
                "product": {
                  "name": "glusterfs-fuse-0:3.12.2-25.el7.x86_64",
                  "product_id": "glusterfs-fuse-0:3.12.2-25.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-fuse@3.12.2-25.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-devel-0:3.12.2-25.el7.x86_64",
                "product": {
                  "name": "glusterfs-devel-0:3.12.2-25.el7.x86_64",
                  "product_id": "glusterfs-devel-0:3.12.2-25.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-devel@3.12.2-25.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-rdma-0:3.12.2-25.el7.x86_64",
                "product": {
                  "name": "glusterfs-rdma-0:3.12.2-25.el7.x86_64",
                  "product_id": "glusterfs-rdma-0:3.12.2-25.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-rdma@3.12.2-25.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
                "product": {
                  "name": "glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
                  "product_id": "glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs-resource-agents@3.12.2-25.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
                "product": {
                  "name": "redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
                  "product_id": "redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-storage-server@3.4.1.0-1.el7rhgs?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glusterfs-0:3.12.2-25.el7rhgs.src",
                "product": {
                  "name": "glusterfs-0:3.12.2-25.el7rhgs.src",
                  "product_id": "glusterfs-0:3.12.2-25.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs@3.12.2-25.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
                "product": {
                  "name": "redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
                  "product_id": "redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-storage-server@3.4.1.0-1.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glusterfs-0:3.12.2-25.el7.src",
                "product": {
                  "name": "glusterfs-0:3.12.2-25.el7.src",
                  "product_id": "glusterfs-0:3.12.2-25.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glusterfs@3.12.2-25.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-0:3.12.2-25.el7rhgs.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src"
        },
        "product_reference": "glusterfs-0:3.12.2-25.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-api-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-events-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch"
        },
        "product_reference": "glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-server-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-gluster-0:3.12.2-25.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64"
        },
        "product_reference": "python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch"
        },
        "product_reference": "redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-storage-server-0:3.4.1.0-1.el7rhgs.src as a component of Red Hat Gluster Storage Server 3.4 on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src"
        },
        "product_reference": "redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.4-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-0:3.12.2-25.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src"
        },
        "product_reference": "glusterfs-0:3.12.2-25.el7.src",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-0:3.12.2-25.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-api-0:3.12.2-25.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-api-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-api-devel-0:3.12.2-25.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-cli-0:3.12.2-25.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-cli-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-client-xlators-0:3.12.2-25.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-debuginfo-0:3.12.2-25.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-devel-0:3.12.2-25.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-devel-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-fuse-0:3.12.2-25.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-fuse-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-libs-0:3.12.2-25.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-libs-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-rdma-0:3.12.2-25.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-rdma-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-0:3.12.2-25.el7.src as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
          "product_id": "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src"
        },
        "product_reference": "glusterfs-0:3.12.2-25.el7.src",
        "relates_to_product_reference": "7Server-RHSClient"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-0:3.12.2-25.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
          "product_id": "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSClient"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-api-0:3.12.2-25.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
          "product_id": "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-api-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSClient"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-api-devel-0:3.12.2-25.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
          "product_id": "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSClient"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-cli-0:3.12.2-25.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
          "product_id": "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-cli-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSClient"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-client-xlators-0:3.12.2-25.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
          "product_id": "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSClient"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-debuginfo-0:3.12.2-25.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
          "product_id": "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSClient"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-devel-0:3.12.2-25.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
          "product_id": "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-devel-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSClient"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-fuse-0:3.12.2-25.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
          "product_id": "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-fuse-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSClient"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-libs-0:3.12.2-25.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
          "product_id": "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-libs-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSClient"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glusterfs-rdma-0:3.12.2-25.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
          "product_id": "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "glusterfs-rdma-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSClient"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-gluster-0:3.12.2-25.el7.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7",
          "product_id": "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
        },
        "product_reference": "python2-gluster-0:3.12.2-25.el7.x86_64",
        "relates_to_product_reference": "7Server-RHSClient"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Michael Hanselmann"
          ],
          "organization": "hansmi.ch"
        }
      ],
      "cve": "CVE-2018-14651",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access ('Link Following')"
      },
      "discovery_date": "2018-09-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1632557"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glusterfs: glusterfs server exploitable via symlinks to relative paths",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14651"
        },
        {
          "category": "external",
          "summary": "RHBZ#1632557",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632557"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14651"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14651",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14651"
        }
      ],
      "release_date": "2018-10-31T08:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-10-31T08:43:27+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3432"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glusterfs: glusterfs server exploitable via symlinks to relative paths"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Michael Hanselmann"
          ],
          "organization": "hansmi.ch"
        }
      ],
      "cve": "CVE-2018-14652",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
      },
      "discovery_date": "2018-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1632974"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow was found in strncpy of the pl_getxattr() function. An authenticated attacker could remotely overflow the buffer by sending a buffer of larger length than the size of the key resulting in remote denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glusterfs: Buffer overflow in \"features/locks\" translator allows for denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14652"
        },
        {
          "category": "external",
          "summary": "RHBZ#1632974",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632974"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14652",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14652"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14652",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14652"
        }
      ],
      "release_date": "2018-10-31T08:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-10-31T08:43:27+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3432"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glusterfs: Buffer overflow in \"features/locks\" translator allows for denial of service"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Michael Hanselmann"
          ],
          "organization": "hansmi.ch"
        }
      ],
      "cve": "CVE-2018-14653",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2018-09-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1633431"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow on the heap was found in gf_getspec_req RPC request. A remote, authenticated attacker could use this flaw to cause denial of service and read arbitrary files on glusterfs server node.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glusterfs: Heap-based buffer overflow via \"gf_getspec_req\" RPC message",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14653"
        },
        {
          "category": "external",
          "summary": "RHBZ#1633431",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633431"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14653",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14653"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14653",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14653"
        }
      ],
      "release_date": "2018-10-31T08:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-10-31T08:43:27+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3432"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glusterfs: Heap-based buffer overflow via \"gf_getspec_req\" RPC message"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Michael Hanselmann"
          ],
          "organization": "hansmi.ch"
        }
      ],
      "cve": "CVE-2018-14654",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
      },
      "discovery_date": "2018-09-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1631576"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way glusterfs server handles client requests. A remote, authenticated attacker could set arbitrary values for the GF_XATTROP_ENTRY_IN_KEY and GF_XATTROP_ENTRY_OUT_KEY during xattrop file operation resulting in creation and deletion of arbitrary files on glusterfs server node.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glusterfs: \"features/index\" translator can create arbitrary, empty files",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14654"
        },
        {
          "category": "external",
          "summary": "RHBZ#1631576",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631576"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14654",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14654"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14654",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14654"
        }
      ],
      "release_date": "2018-10-31T08:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-10-31T08:43:27+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3432"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glusterfs: \"features/index\" translator can create arbitrary, empty files"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Michael Hanselmann"
          ],
          "organization": "hansmi.ch"
        }
      ],
      "cve": "CVE-2018-14659",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2018-10-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1635929"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glusterfs: Unlimited file creation via \"GF_XATTR_IOSTATS_DUMP_KEY\" xattr allows for denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14659"
        },
        {
          "category": "external",
          "summary": "RHBZ#1635929",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635929"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14659"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14659",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14659"
        }
      ],
      "release_date": "2018-10-31T08:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-10-31T08:43:27+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3432"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glusterfs: Unlimited file creation via \"GF_XATTR_IOSTATS_DUMP_KEY\" xattr allows for denial of service"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Michael Hanselmann"
          ],
          "organization": "hansmi.ch"
        }
      ],
      "cve": "CVE-2018-14660",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2018-10-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1635926"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in glusterfs server which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glusterfs: Repeat use of \"GF_META_LOCK_KEY\" xattr allows for memory exhaustion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14660"
        },
        {
          "category": "external",
          "summary": "RHBZ#1635926",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635926"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14660",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14660"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14660",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14660"
        }
      ],
      "release_date": "2018-10-31T08:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-10-31T08:43:27+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3432"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glusterfs: Repeat use of \"GF_META_LOCK_KEY\" xattr allows for memory exhaustion"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Michael Hanselmann"
          ],
          "organization": "hansmi.ch"
        }
      ],
      "cve": "CVE-2018-14661",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-10-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1636880"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\n\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
          "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
          "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
          "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14661"
        },
        {
          "category": "external",
          "summary": "RHBZ#1636880",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636880"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14661",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14661"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14661",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14661"
        }
      ],
      "release_date": "2018-10-31T08:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-10-31T08:43:27+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:3432"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.src",
            "7Server-RH-Gluster-3.4-Server:glusterfs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-api-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-cli-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-client-xlators-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-debuginfo-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-devel-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-events-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-fuse-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-ganesha-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-geo-replication-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-libs-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-rdma-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:glusterfs-resource-agents-0:3.12.2-25.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:glusterfs-server-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:python2-gluster-0:3.12.2-25.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.4-Server:redhat-storage-server-0:3.4.1.0-1.el7rhgs.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHEV-4-Agents-7:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHEV-4-Agents-7:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.src",
            "7Server-RHSClient:glusterfs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-api-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-cli-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-client-xlators-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-debuginfo-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-devel-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-fuse-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-libs-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:glusterfs-rdma-0:3.12.2-25.el7.x86_64",
            "7Server-RHSClient:python2-gluster-0:3.12.2-25.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service"
    }
  ]
}