Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2012-4406 (GCVE-0-2012-4406)
Vulnerability from cvelistv5
Published
2012-10-22 23:00
Modified
2024-08-06 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
},
{
"name": "55420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55420"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/swift/+milestone/1.7.0"
},
{
"name": "RHSA-2012:1379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
},
{
"name": "openstack-swift-loads-code-exec(79140)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/swift/+bug/1006414"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
},
{
"name": "[oss-security] 20120905 CVE-Request: openstack pickle de-serialization",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
},
{
"name": "FEDORA-2012-15098",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
},
{
"name": "RHSA-2013:0691",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
},
{
"name": "[oss-security] 20120905 Re: CVE-Request: openstack pickle de-serialization",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
},
{
"name": "55420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55420"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/swift/+milestone/1.7.0"
},
{
"name": "RHSA-2012:1379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
},
{
"name": "openstack-swift-loads-code-exec(79140)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/swift/+bug/1006414"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
},
{
"name": "[oss-security] 20120905 CVE-Request: openstack pickle de-serialization",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
},
{
"name": "FEDORA-2012-15098",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
},
{
"name": "RHSA-2013:0691",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
},
{
"name": "[oss-security] 20120905 Re: CVE-Request: openstack pickle de-serialization",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4406",
"datePublished": "2012-10-22T23:00:00",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:35:09.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2012-4406\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-10-22T23:55:06.743\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.\"},{\"lang\":\"es\",\"value\":\"OpenStack Object Storage (swift) antes de v1.7.0 utiliza la funci\u00f3n loads en el m\u00f3dulo pickle de Python de forma no segura al almacenar y cargar los metadatos en memcached, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un objeto pickle modificado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.7.0\",\"matchCriteriaId\":\"AD5D7F7C-3474-4354-8531-CC28D6F3B635\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"706C6399-CAD1-46E3-87A2-8DFE2CF497ED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0923F044-C68D-4A4A-96E1-C498F3A77C10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59D47E43-886E-4114-96A2-DBE719EA3A89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52B90A04-DD6D-4AE7-A0E5-6B381127D507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0257753-51C3-45F2-BAA4-4C1F2DEAB7A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1379.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0691.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/09/05/16\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/09/05/4\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.securityfocus.com/bid/55420\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://bugs.launchpad.net/swift/+bug/1006414\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=854757\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/79140\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://launchpad.net/swift/+milestone/1.7.0\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-1379.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0691.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/09/05/16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/09/05/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.securityfocus.com/bid/55420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://bugs.launchpad.net/swift/+bug/1006414\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=854757\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/79140\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://launchpad.net/swift/+milestone/1.7.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]}]}}"
}
}
gsd-2012-4406
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-4406",
"description": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.",
"id": "GSD-2012-4406",
"references": [
"https://www.suse.com/security/cve/CVE-2012-4406.html",
"https://access.redhat.com/errata/RHSA-2013:0691",
"https://access.redhat.com/errata/RHSA-2012:1379"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-4406"
],
"details": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.",
"id": "GSD-2012-4406",
"modified": "2023-12-13T01:20:14.569724Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0691.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2012-1379.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/09/05/16",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/09/05/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
},
{
"name": "http://www.securityfocus.com/bid/55420",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/55420"
},
{
"name": "https://bugs.launchpad.net/swift/+bug/1006414",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/swift/+bug/1006414"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
},
{
"name": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a",
"refsource": "MISC",
"url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
},
{
"name": "https://launchpad.net/swift/+milestone/1.7.0",
"refsource": "MISC",
"url": "https://launchpad.net/swift/+milestone/1.7.0"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=854757",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.7.0",
"affected_versions": "All versions before 1.7.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937",
"CWE-94"
],
"date": "2023-02-08",
"description": "CVE-2012-4406 Openstack-Swift: insecure use of python pickle()",
"fixed_versions": [
"1.7.0"
],
"identifier": "CVE-2012-4406",
"identifiers": [
"GHSA-v7mh-3jgf-r26c",
"CVE-2012-4406"
],
"not_impacted": "All versions starting from 1.7.0",
"package_slug": "pypi/swift",
"pubdate": "2022-05-17",
"solution": "Upgrade to version 1.7.0 or above.",
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2012-4406",
"https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a",
"https://bugs.launchpad.net/swift/+bug/1006414",
"https://bugzilla.redhat.com/show_bug.cgi?id=854757",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/79140",
"https://launchpad.net/swift/+milestone/1.7.0",
"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html",
"http://rhn.redhat.com/errata/RHSA-2012-1379.html",
"http://rhn.redhat.com/errata/RHSA-2013-0691.html",
"http://www.openwall.com/lists/oss-security/2012/09/05/16",
"http://www.openwall.com/lists/oss-security/2012/09/05/4",
"https://access.redhat.com/errata/RHSA-2012:1379",
"https://access.redhat.com/errata/RHSA-2013:0691",
"https://access.redhat.com/security/cve/CVE-2012-4406",
"https://web.archive.org/web/20130629092623/http://www.securityfocus.com/bid/55420",
"https://github.com/advisories/GHSA-v7mh-3jgf-r26c"
],
"uuid": "cfd093ff-1e5a-42aa-8c7b-43925e30b7dd"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5D7F7C-3474-4354-8531-CC28D6F3B635",
"versionEndExcluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0923F044-C68D-4A4A-96E1-C498F3A77C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59D47E43-886E-4114-96A2-DBE719EA3A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52B90A04-DD6D-4AE7-A0E5-6B381127D507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0257753-51C3-45F2-BAA4-4C1F2DEAB7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object."
},
{
"lang": "es",
"value": "OpenStack Object Storage (swift) antes de v1.7.0 utiliza la funci\u00f3n loads en el m\u00f3dulo pickle de Python de forma no segura al almacenar y cargar los metadatos en memcached, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un objeto pickle modificado."
}
],
"id": "CVE-2012-4406",
"lastModified": "2024-01-25T02:13:29.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-10-22T23:55:06.743",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/55420"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/swift/+bug/1006414"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "https://launchpad.net/swift/+milestone/1.7.0"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
fkie_cve-2012-4406
Vulnerability from fkie_nvd
Published
2012-10-22 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html | Mailing List | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-1379.html | Third Party Advisory | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2013-0691.html | Not Applicable | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/09/05/16 | Mailing List | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/09/05/4 | Mailing List | |
| secalert@redhat.com | http://www.securityfocus.com/bid/55420 | Broken Link | |
| secalert@redhat.com | https://bugs.launchpad.net/swift/+bug/1006414 | Issue Tracking, Patch | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=854757 | Issue Tracking, Patch | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/79140 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a | Patch | |
| secalert@redhat.com | https://launchpad.net/swift/+milestone/1.7.0 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1379.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-0691.html | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/09/05/16 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/09/05/4 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/55420 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/swift/+bug/1006414 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=854757 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/79140 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/swift/+milestone/1.7.0 | Release Notes |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openstack | swift | * | |
| fedoraproject | fedora | 16 | |
| redhat | gluster_storage_management_console | 2.0 | |
| redhat | gluster_storage_server_for_on-premise | 2.0 | |
| redhat | storage | 2.0 | |
| redhat | storage_for_public_cloud | 2.0 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_server | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5D7F7C-3474-4354-8531-CC28D6F3B635",
"versionEndExcluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0923F044-C68D-4A4A-96E1-C498F3A77C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59D47E43-886E-4114-96A2-DBE719EA3A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52B90A04-DD6D-4AE7-A0E5-6B381127D507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0257753-51C3-45F2-BAA4-4C1F2DEAB7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object."
},
{
"lang": "es",
"value": "OpenStack Object Storage (swift) antes de v1.7.0 utiliza la funci\u00f3n loads en el m\u00f3dulo pickle de Python de forma no segura al almacenar y cargar los metadatos en memcached, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un objeto pickle modificado."
}
],
"id": "CVE-2012-4406",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-10-22T23:55:06.743",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/55420"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/swift/+bug/1006414"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "https://launchpad.net/swift/+milestone/1.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/55420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/swift/+bug/1006414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://launchpad.net/swift/+milestone/1.7.0"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-v7mh-3jgf-r26c
Vulnerability from github
Published
2022-05-17 01:42
Modified
2024-02-06 16:02
Severity ?
VLAI Severity ?
Summary
OpenStack Object Storage (swift) Code Injection vulnerability
Details
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "swift"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2012-4406"
],
"database_specific": {
"cwe_ids": [
"CWE-502",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-08T17:56:11Z",
"nvd_published_at": "2012-10-22T23:55:00Z",
"severity": "CRITICAL"
},
"details": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.",
"id": "GHSA-v7mh-3jgf-r26c",
"modified": "2024-02-06T16:02:43Z",
"published": "2022-05-17T01:42:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4406"
},
{
"type": "WEB",
"url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:1379"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2013:0691"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2012-4406"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/swift/+bug/1006414"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
},
{
"type": "WEB",
"url": "https://launchpad.net/swift/+milestone/1.7.0"
},
{
"type": "PACKAGE",
"url": "https://opendev.org/openstack/swift"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20130629092623/http://www.securityfocus.com/bid/55420"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/55420"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenStack Object Storage (swift) Code Injection vulnerability"
}
rhsa-2013:0691
Vulnerability from csaf_redhat
Published
2013-03-28 22:14
Modified
2024-11-22 06:02
Summary
Red Hat Security Advisory: Red Hat Storage 2.0 security, bug fix, and enhancement update #4
Notes
Topic
Updated Red Hat Storage 2.0 packages that fix multiple security issues,
several bugs, and add enhancements are now available.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Red Hat Storage is a software only, scale-out storage solution that
provides flexible and agile unstructured data storage for the enterprise.
A flaw was found in the way the Swift component used Python pickle. This
could lead to arbitrary code execution. With this update, the JSON
(JavaScript Object Notation) format is used. (CVE-2012-4406)
Multiple insecure temporary file creation flaws were found in Red Hat
Storage. A local user on the Red Hat Storage server could use these flaws
to cause arbitrary files to be overwritten as the root user via a symbolic
link attack. (CVE-2012-5635)
It was found that sanlock created "/var/run/sanlock/sanlock.pid" with
world-writable permissions. A local user could use this flaw to make the
sanlock init script kill an arbitrary process when the sanlock daemon is
stopped or restarted. Additionally, "/var/log/sanlock.log" was also
world-writable, allowing local users to modify the contents of the log
file, or store data within it (bypassing any quotas applied to their
account). (CVE-2012-5638)
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting CVE-2012-4406. The CVE-2012-5635 issues were discovered by Kurt
Seifried of the Red Hat Security Response Team and Michael Scherer of the
Red Hat Regional IT team, and CVE-2012-5638 was discovered by David
Teigland of Red Hat.
Bug fixes and enhancements:
* Options to provide POSIX behavior when the O_DIRECT flag is used with
the open() system call across many translators. (BZ#856156)
* A mount time option provided to make the FUSE module's request queue
length configurable. (BZ#856206)
* Various fixes in the FUSE module to ensure the 'read-only' (-o ro) mount
option works. (BZ#858499)
* Various fixes in GlusterFS's rebalance code to handle failures while
replica pairs are getting connected and disconnected in quick succession.
(BZ#859387)
* NFS code fixed to ensure proper inode transformation logic when the
'enable-ino32' option is set. (BZ#864222)
* Fixed the behavior of the posix-locks module per POSIX locking
semantics. As a result, smb-torture's ping-pong tests now run smoothly on
top of GlusterFS mounts. (BZ#869724)
* FUSE module enhanced with the enable-ino32 mount option, required by any
32-bit applications running on top of a GlusterFS mount. (BZ#876679)
* Corrections were made to fd table behavior when both NFS and
geo-replication are in progress. (BZ#880193)
* With this update, disconnections are now handled better in the
geo-replication 'gsyncd' process. (BZ#880308)
* With this update, the 'gluster volume geo-replication config checkpoint'
command returns the output value properly. (BZ#881736)
* With this enhancement, it is possible to set the 'root-squash' volume
option with Gluster CLI. Red Hat Storage volumes now support NFS's
root-squashing behavior. (BZ#883590)
* NFS POSIX lock issue fixed when 'root-squash' option is enabled on the
volume. (BZ#906884)
* Fixed an issue in tracking the changes of Geo-replication when an
unprivileged user accesses the file system. (BZ#883827)
* Fixed NFS locking manager (NLM) code to handle IP failover successfully.
(BZ#888286)
* Fixed issue in rebalance code to handle proper pointer dereference.
(BZ#894237)
* POSIX module made more robust to handle backend brick failures better.
(BZ#895841)
* Fixed the 'gluster volume geo-replication' command to provide a
meaningful message when a wrong hostname is entered. (BZ#902213)
* Fixed Console Configuration Script where it added invalid 'security'
configuration for ENGINEDataSource in JBoss. (BZ#922572)
* Fixed rhsc-setup failure where it does not check for SELinux before
running setsebool. (BZ#923674)
* Provided an update to the rhn-client-tools package to ensure setup
defaults to the correct base Red Hat Enterprise Linux (6.2 Extended Update
Support). (BZ#911777)
Refer to the Release Notes, available shortly from the link in the
References section, for further information.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat Storage 2.0 packages that fix multiple security issues,\nseveral bugs, and add enhancements are now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Storage is a software only, scale-out storage solution that\nprovides flexible and agile unstructured data storage for the enterprise.\n\nA flaw was found in the way the Swift component used Python pickle. This\ncould lead to arbitrary code execution. With this update, the JSON\n(JavaScript Object Notation) format is used. (CVE-2012-4406)\n\nMultiple insecure temporary file creation flaws were found in Red Hat\nStorage. A local user on the Red Hat Storage server could use these flaws\nto cause arbitrary files to be overwritten as the root user via a symbolic\nlink attack. (CVE-2012-5635)\n\nIt was found that sanlock created \"/var/run/sanlock/sanlock.pid\" with\nworld-writable permissions. A local user could use this flaw to make the\nsanlock init script kill an arbitrary process when the sanlock daemon is\nstopped or restarted. Additionally, \"/var/log/sanlock.log\" was also\nworld-writable, allowing local users to modify the contents of the log\nfile, or store data within it (bypassing any quotas applied to their\naccount). (CVE-2012-5638)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security Team for\nreporting CVE-2012-4406. The CVE-2012-5635 issues were discovered by Kurt\nSeifried of the Red Hat Security Response Team and Michael Scherer of the\nRed Hat Regional IT team, and CVE-2012-5638 was discovered by David\nTeigland of Red Hat.\n\nBug fixes and enhancements:\n\n* Options to provide POSIX behavior when the O_DIRECT flag is used with\nthe open() system call across many translators. (BZ#856156)\n\n* A mount time option provided to make the FUSE module\u0027s request queue\nlength configurable. (BZ#856206)\n\n* Various fixes in the FUSE module to ensure the \u0027read-only\u0027 (-o ro) mount\noption works. (BZ#858499)\n\n* Various fixes in GlusterFS\u0027s rebalance code to handle failures while\nreplica pairs are getting connected and disconnected in quick succession.\n(BZ#859387)\n\n* NFS code fixed to ensure proper inode transformation logic when the\n\u0027enable-ino32\u0027 option is set. (BZ#864222)\n\n* Fixed the behavior of the posix-locks module per POSIX locking\nsemantics. As a result, smb-torture\u0027s ping-pong tests now run smoothly on\ntop of GlusterFS mounts. (BZ#869724)\n\n* FUSE module enhanced with the enable-ino32 mount option, required by any\n32-bit applications running on top of a GlusterFS mount. (BZ#876679)\n\n* Corrections were made to fd table behavior when both NFS and\ngeo-replication are in progress. (BZ#880193)\n\n* With this update, disconnections are now handled better in the\ngeo-replication \u0027gsyncd\u0027 process. (BZ#880308)\n\n* With this update, the \u0027gluster volume geo-replication config checkpoint\u0027\ncommand returns the output value properly. (BZ#881736)\n\n* With this enhancement, it is possible to set the \u0027root-squash\u0027 volume\noption with Gluster CLI. Red Hat Storage volumes now support NFS\u0027s\nroot-squashing behavior. (BZ#883590)\n\n* NFS POSIX lock issue fixed when \u0027root-squash\u0027 option is enabled on the\nvolume. (BZ#906884)\n\n* Fixed an issue in tracking the changes of Geo-replication when an\nunprivileged user accesses the file system. (BZ#883827)\n\n* Fixed NFS locking manager (NLM) code to handle IP failover successfully.\n(BZ#888286)\n\n* Fixed issue in rebalance code to handle proper pointer dereference.\n(BZ#894237)\n\n* POSIX module made more robust to handle backend brick failures better.\n(BZ#895841)\n\n* Fixed the \u0027gluster volume geo-replication\u0027 command to provide a\nmeaningful message when a wrong hostname is entered. (BZ#902213)\n\n* Fixed Console Configuration Script where it added invalid \u0027security\u0027\nconfiguration for ENGINEDataSource in JBoss. (BZ#922572)\n\n* Fixed rhsc-setup failure where it does not check for SELinux before\nrunning setsebool. (BZ#923674)\n\n* Provided an update to the rhn-client-tools package to ensure setup\ndefaults to the correct base Red Hat Enterprise Linux (6.2 Extended Update\nSupport). (BZ#911777)\n\nRefer to the Release Notes, available shortly from the link in the\nReferences section, for further information.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0691",
"url": "https://access.redhat.com/errata/RHSA-2013:0691"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/knowledge/docs/Red_Hat_Storage/",
"url": "https://access.redhat.com/knowledge/docs/Red_Hat_Storage/"
},
{
"category": "external",
"summary": "854757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
},
{
"category": "external",
"summary": "856206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856206"
},
{
"category": "external",
"summary": "859387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=859387"
},
{
"category": "external",
"summary": "869724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=869724"
},
{
"category": "external",
"summary": "876679",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=876679"
},
{
"category": "external",
"summary": "883590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883590"
},
{
"category": "external",
"summary": "886364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=886364"
},
{
"category": "external",
"summary": "887010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887010"
},
{
"category": "external",
"summary": "895841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895841"
},
{
"category": "external",
"summary": "902213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902213"
},
{
"category": "external",
"summary": "922572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=922572"
},
{
"category": "external",
"summary": "923674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923674"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0691.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Storage 2.0 security, bug fix, and enhancement update #4",
"tracking": {
"current_release_date": "2024-11-22T06:02:10+00:00",
"generator": {
"date": "2024-11-22T06:02:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0691",
"initial_release_date": "2013-03-28T22:14:00+00:00",
"revision_history": [
{
"date": "2013-03-28T22:14:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-03-28T22:21:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:02:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Storage Server 2.0",
"product": {
"name": "Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:2.0:server:el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Storage 2.0 Console",
"product": {
"name": "Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:2.0:console:el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Storage Native Client for Red Hat Enterprise Linux 5",
"product": {
"name": "Red Hat Storage Native Client for Red Hat Enterprise Linux 5",
"product_id": "5Server-RHSClient",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:2:client:el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product": {
"name": "Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3:client:el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "sos-0:2.2-17.2.el6rhs.noarch",
"product": {
"name": "sos-0:2.2-17.2.el6rhs.noarch",
"product_id": "sos-0:2.2-17.2.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sos@2.2-17.2.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "gluster-swift-0:1.4.8-5.el6rhs.noarch",
"product": {
"name": "gluster-swift-0:1.4.8-5.el6rhs.noarch",
"product_id": "gluster-swift-0:1.4.8-5.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gluster-swift@1.4.8-5.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"product": {
"name": "gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"product_id": "gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gluster-swift-account@1.4.8-5.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"product": {
"name": "gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"product_id": "gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gluster-swift-container@1.4.8-5.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"product": {
"name": "gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"product_id": "gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gluster-swift-object@1.4.8-5.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"product": {
"name": "gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"product_id": "gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gluster-swift-proxy@1.4.8-5.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"product": {
"name": "gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"product_id": "gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gluster-swift-doc@1.4.8-5.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"product": {
"name": "vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"product_id": "vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-gluster@4.9.6-20.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"product": {
"name": "vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"product_id": "vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-bootstrap@4.9.6-20.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"product": {
"name": "vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"product_id": "vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-faqemu@4.9.6-20.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"product": {
"name": "vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"product_id": "vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-debug-plugin@4.9.6-20.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"product": {
"name": "vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"product_id": "vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-hook-vhostmd@4.9.6-20.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"product": {
"name": "vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"product_id": "vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-cli@4.9.6-20.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"product": {
"name": "vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"product_id": "vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-reg@4.9.6-20.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "appliance-base-0:1.7.1-1.el6rhs.noarch",
"product": {
"name": "appliance-base-0:1.7.1-1.el6rhs.noarch",
"product_id": "appliance-base-0:1.7.1-1.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/appliance-base@1.7.1-1.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhn-setup-0:1.0.0-73.el6rhs.noarch",
"product": {
"name": "rhn-setup-0:1.0.0-73.el6rhs.noarch",
"product_id": "rhn-setup-0:1.0.0-73.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhn-setup@1.0.0-73.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"product": {
"name": "rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"product_id": "rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhn-setup-gnome@1.0.0-73.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"product": {
"name": "rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"product_id": "rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhn-client-tools@1.0.0-73.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhn-check-0:1.0.0-73.el6rhs.noarch",
"product": {
"name": "rhn-check-0:1.0.0-73.el6rhs.noarch",
"product_id": "rhn-check-0:1.0.0-73.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhn-check@1.0.0-73.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"product": {
"name": "rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"product_id": "rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc-tools-common@2.0.techpreview1-4.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"product": {
"name": "rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"product_id": "rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc-userportal@2.0.techpreview1-4.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"product": {
"name": "rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"product_id": "rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc-restapi@2.0.techpreview1-4.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"product": {
"name": "rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"product_id": "rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc-notification-service@2.0.techpreview1-4.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"product": {
"name": "rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"product_id": "rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc-dbscripts@2.0.techpreview1-4.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"product": {
"name": "rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"product_id": "rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc@2.0.techpreview1-4.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"product": {
"name": "rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"product_id": "rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc-jboss-deps@2.0.techpreview1-4.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"product": {
"name": "rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"product_id": "rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc-setup@2.0.techpreview1-4.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"product": {
"name": "rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"product_id": "rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc-config@2.0.techpreview1-4.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"product": {
"name": "rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"product_id": "rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc-webadmin-portal@2.0.techpreview1-4.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"product": {
"name": "rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"product_id": "rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc-backend@2.0.techpreview1-4.el6rhs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"product": {
"name": "rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"product_id": "rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc-genericapi@2.0.techpreview1-4.el6rhs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "sos-0:2.2-17.2.el6rhs.src",
"product": {
"name": "sos-0:2.2-17.2.el6rhs.src",
"product_id": "sos-0:2.2-17.2.el6rhs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sos@2.2-17.2.el6rhs?arch=src"
}
}
},
{
"category": "product_version",
"name": "sanlock-0:2.3-4.el6_3.src",
"product": {
"name": "sanlock-0:2.3-4.el6_3.src",
"product_id": "sanlock-0:2.3-4.el6_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sanlock@2.3-4.el6_3?arch=src"
}
}
},
{
"category": "product_version",
"name": "libvirt-0:0.9.10-21.el6_3.8.src",
"product": {
"name": "libvirt-0:0.9.10-21.el6_3.8.src",
"product_id": "libvirt-0:0.9.10-21.el6_3.8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libvirt@0.9.10-21.el6_3.8?arch=src"
}
}
},
{
"category": "product_version",
"name": "gluster-swift-0:1.4.8-5.el6rhs.src",
"product": {
"name": "gluster-swift-0:1.4.8-5.el6rhs.src",
"product_id": "gluster-swift-0:1.4.8-5.el6rhs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gluster-swift@1.4.8-5.el6rhs?arch=src"
}
}
},
{
"category": "product_version",
"name": "vdsm-0:4.9.6-20.el6rhs.src",
"product": {
"name": "vdsm-0:4.9.6-20.el6rhs.src",
"product_id": "vdsm-0:4.9.6-20.el6rhs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.9.6-20.el6rhs?arch=src"
}
}
},
{
"category": "product_version",
"name": "appliance-0:1.7.1-1.el6rhs.src",
"product": {
"name": "appliance-0:1.7.1-1.el6rhs.src",
"product_id": "appliance-0:1.7.1-1.el6rhs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/appliance@1.7.1-1.el6rhs?arch=src"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"product": {
"name": "glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"product_id": "glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.3.0.7rhs-1.el6rhs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhn-client-tools-0:1.0.0-73.el6rhs.src",
"product": {
"name": "rhn-client-tools-0:1.0.0-73.el6rhs.src",
"product_id": "rhn-client-tools-0:1.0.0-73.el6rhs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhn-client-tools@1.0.0-73.el6rhs?arch=src"
}
}
},
{
"category": "product_version",
"name": "augeas-0:0.9.0-1.el6.src",
"product": {
"name": "augeas-0:0.9.0-1.el6.src",
"product_id": "augeas-0:0.9.0-1.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/augeas@0.9.0-1.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhsc-0:2.0.techpreview1-4.el6rhs.src",
"product": {
"name": "rhsc-0:2.0.techpreview1-4.el6rhs.src",
"product_id": "rhsc-0:2.0.techpreview1-4.el6rhs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhsc@2.0.techpreview1-4.el6rhs?arch=src"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.3.0.7rhs-1.el5.src",
"product": {
"name": "glusterfs-0:3.3.0.7rhs-1.el5.src",
"product_id": "glusterfs-0:3.3.0.7rhs-1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.3.0.7rhs-1.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.3.0.7rhs-1.el6.src",
"product": {
"name": "glusterfs-0:3.3.0.7rhs-1.el6.src",
"product_id": "glusterfs-0:3.3.0.7rhs-1.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.3.0.7rhs-1.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "sanlock-python-0:2.3-4.el6_3.x86_64",
"product": {
"name": "sanlock-python-0:2.3-4.el6_3.x86_64",
"product_id": "sanlock-python-0:2.3-4.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sanlock-python@2.3-4.el6_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "sanlock-devel-0:2.3-4.el6_3.x86_64",
"product": {
"name": "sanlock-devel-0:2.3-4.el6_3.x86_64",
"product_id": "sanlock-devel-0:2.3-4.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sanlock-devel@2.3-4.el6_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "sanlock-lib-0:2.3-4.el6_3.x86_64",
"product": {
"name": "sanlock-lib-0:2.3-4.el6_3.x86_64",
"product_id": "sanlock-lib-0:2.3-4.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sanlock-lib@2.3-4.el6_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "sanlock-0:2.3-4.el6_3.x86_64",
"product": {
"name": "sanlock-0:2.3-4.el6_3.x86_64",
"product_id": "sanlock-0:2.3-4.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sanlock@2.3-4.el6_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"product": {
"name": "sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"product_id": "sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sanlock-debuginfo@2.3-4.el6_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"product": {
"name": "libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"product_id": "libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libvirt-client@0.9.10-21.el6_3.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"product": {
"name": "libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"product_id": "libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libvirt-python@0.9.10-21.el6_3.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"product": {
"name": "libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"product_id": "libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libvirt-lock-sanlock@0.9.10-21.el6_3.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"product": {
"name": "libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"product_id": "libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libvirt-debuginfo@0.9.10-21.el6_3.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libvirt-0:0.9.10-21.el6_3.8.x86_64",
"product": {
"name": "libvirt-0:0.9.10-21.el6_3.8.x86_64",
"product_id": "libvirt-0:0.9.10-21.el6_3.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libvirt@0.9.10-21.el6_3.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"product": {
"name": "libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"product_id": "libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libvirt-devel@0.9.10-21.el6_3.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-0:4.9.6-20.el6rhs.x86_64",
"product": {
"name": "vdsm-0:4.9.6-20.el6rhs.x86_64",
"product_id": "vdsm-0:4.9.6-20.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm@4.9.6-20.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"product": {
"name": "vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"product_id": "vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-python@4.9.6-20.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"product": {
"name": "vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"product_id": "vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-debuginfo@4.9.6-20.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product": {
"name": "glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_id": "glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-server@3.3.0.7rhs-1.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product": {
"name": "glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_id": "glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-rdma@3.3.0.7rhs-1.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product": {
"name": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_id": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-debuginfo@3.3.0.7rhs-1.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product": {
"name": "glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_id": "glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-fuse@3.3.0.7rhs-1.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product": {
"name": "glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_id": "glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-geo-replication@3.3.0.7rhs-1.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product": {
"name": "glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_id": "glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-devel@3.3.0.7rhs-1.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product": {
"name": "glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_id": "glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.3.0.7rhs-1.el6rhs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"product": {
"name": "augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"product_id": "augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/augeas-debuginfo@0.9.0-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "augeas-devel-0:0.9.0-1.el6.x86_64",
"product": {
"name": "augeas-devel-0:0.9.0-1.el6.x86_64",
"product_id": "augeas-devel-0:0.9.0-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/augeas-devel@0.9.0-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "augeas-libs-0:0.9.0-1.el6.x86_64",
"product": {
"name": "augeas-libs-0:0.9.0-1.el6.x86_64",
"product_id": "augeas-libs-0:0.9.0-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/augeas-libs@0.9.0-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "augeas-0:0.9.0-1.el6.x86_64",
"product": {
"name": "augeas-0:0.9.0-1.el6.x86_64",
"product_id": "augeas-0:0.9.0-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/augeas@0.9.0-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"product": {
"name": "glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"product_id": "glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-rdma@3.3.0.7rhs-1.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"product": {
"name": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"product_id": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-debuginfo@3.3.0.7rhs-1.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"product": {
"name": "glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"product_id": "glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.3.0.7rhs-1.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"product": {
"name": "glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"product_id": "glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-devel@3.3.0.7rhs-1.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"product": {
"name": "glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"product_id": "glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-fuse@3.3.0.7rhs-1.el5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"product": {
"name": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"product_id": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-debuginfo@3.3.0.7rhs-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64",
"product": {
"name": "glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64",
"product_id": "glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-rdma@3.3.0.7rhs-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"product": {
"name": "glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"product_id": "glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs@3.3.0.7rhs-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"product": {
"name": "glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"product_id": "glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-devel@3.3.0.7rhs-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"product": {
"name": "glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"product_id": "glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glusterfs-fuse@3.3.0.7rhs-1.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.3.0.7rhs-1.el5.src as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 5",
"product_id": "5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.src"
},
"product_reference": "glusterfs-0:3.3.0.7rhs-1.el5.src",
"relates_to_product_reference": "5Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.3.0.7rhs-1.el5.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 5",
"product_id": "5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.x86_64"
},
"product_reference": "glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"relates_to_product_reference": "5Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 5",
"product_id": "5Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64"
},
"product_reference": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"relates_to_product_reference": "5Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 5",
"product_id": "5Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64"
},
"product_reference": "glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"relates_to_product_reference": "5Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 5",
"product_id": "5Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64"
},
"product_reference": "glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"relates_to_product_reference": "5Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 5",
"product_id": "5Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64"
},
"product_reference": "glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"relates_to_product_reference": "5Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "appliance-0:1.7.1-1.el6rhs.src as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:appliance-0:1.7.1-1.el6rhs.src"
},
"product_reference": "appliance-0:1.7.1-1.el6rhs.src",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "appliance-base-0:1.7.1-1.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:appliance-base-0:1.7.1-1.el6rhs.noarch"
},
"product_reference": "appliance-base-0:1.7.1-1.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-0:0.9.0-1.el6.src as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.src"
},
"product_reference": "augeas-0:0.9.0-1.el6.src",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-0:0.9.0-1.el6.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.x86_64"
},
"product_reference": "augeas-0:0.9.0-1.el6.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-debuginfo-0:0.9.0-1.el6.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:augeas-debuginfo-0:0.9.0-1.el6.x86_64"
},
"product_reference": "augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-devel-0:0.9.0-1.el6.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:augeas-devel-0:0.9.0-1.el6.x86_64"
},
"product_reference": "augeas-devel-0:0.9.0-1.el6.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "augeas-libs-0:0.9.0-1.el6.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:augeas-libs-0:0.9.0-1.el6.x86_64"
},
"product_reference": "augeas-libs-0:0.9.0-1.el6.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gluster-swift-0:1.4.8-5.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.noarch"
},
"product_reference": "gluster-swift-0:1.4.8-5.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gluster-swift-0:1.4.8-5.el6rhs.src as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.src"
},
"product_reference": "gluster-swift-0:1.4.8-5.el6rhs.src",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gluster-swift-account-0:1.4.8-5.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:gluster-swift-account-0:1.4.8-5.el6rhs.noarch"
},
"product_reference": "gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gluster-swift-container-0:1.4.8-5.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:gluster-swift-container-0:1.4.8-5.el6rhs.noarch"
},
"product_reference": "gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gluster-swift-doc-0:1.4.8-5.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:gluster-swift-doc-0:1.4.8-5.el6rhs.noarch"
},
"product_reference": "gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gluster-swift-object-0:1.4.8-5.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:gluster-swift-object-0:1.4.8-5.el6rhs.noarch"
},
"product_reference": "gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch"
},
"product_reference": "gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.3.0.7rhs-1.el6rhs.src as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.src"
},
"product_reference": "glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64"
},
"product_reference": "glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64"
},
"product_reference": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64"
},
"product_reference": "glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64"
},
"product_reference": "glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64"
},
"product_reference": "glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64"
},
"product_reference": "glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64"
},
"product_reference": "glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvirt-0:0.9.10-21.el6_3.8.src as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.src"
},
"product_reference": "libvirt-0:0.9.10-21.el6_3.8.src",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvirt-0:0.9.10-21.el6_3.8.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.x86_64"
},
"product_reference": "libvirt-0:0.9.10-21.el6_3.8.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvirt-client-0:0.9.10-21.el6_3.8.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:libvirt-client-0:0.9.10-21.el6_3.8.x86_64"
},
"product_reference": "libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64"
},
"product_reference": "libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvirt-devel-0:0.9.10-21.el6_3.8.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:libvirt-devel-0:0.9.10-21.el6_3.8.x86_64"
},
"product_reference": "libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64"
},
"product_reference": "libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvirt-python-0:0.9.10-21.el6_3.8.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:libvirt-python-0:0.9.10-21.el6_3.8.x86_64"
},
"product_reference": "libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhn-check-0:1.0.0-73.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:rhn-check-0:1.0.0-73.el6rhs.noarch"
},
"product_reference": "rhn-check-0:1.0.0-73.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhn-client-tools-0:1.0.0-73.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.noarch"
},
"product_reference": "rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhn-client-tools-0:1.0.0-73.el6rhs.src as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.src"
},
"product_reference": "rhn-client-tools-0:1.0.0-73.el6rhs.src",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhn-setup-0:1.0.0-73.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:rhn-setup-0:1.0.0-73.el6rhs.noarch"
},
"product_reference": "rhn-setup-0:1.0.0-73.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch"
},
"product_reference": "rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sanlock-0:2.3-4.el6_3.src as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.src"
},
"product_reference": "sanlock-0:2.3-4.el6_3.src",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sanlock-0:2.3-4.el6_3.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.x86_64"
},
"product_reference": "sanlock-0:2.3-4.el6_3.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sanlock-debuginfo-0:2.3-4.el6_3.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:sanlock-debuginfo-0:2.3-4.el6_3.x86_64"
},
"product_reference": "sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sanlock-devel-0:2.3-4.el6_3.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:sanlock-devel-0:2.3-4.el6_3.x86_64"
},
"product_reference": "sanlock-devel-0:2.3-4.el6_3.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sanlock-lib-0:2.3-4.el6_3.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:sanlock-lib-0:2.3-4.el6_3.x86_64"
},
"product_reference": "sanlock-lib-0:2.3-4.el6_3.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sanlock-python-0:2.3-4.el6_3.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:sanlock-python-0:2.3-4.el6_3.x86_64"
},
"product_reference": "sanlock-python-0:2.3-4.el6_3.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sos-0:2.2-17.2.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.noarch"
},
"product_reference": "sos-0:2.2-17.2.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sos-0:2.2-17.2.el6rhs.src as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.src"
},
"product_reference": "sos-0:2.2-17.2.el6rhs.src",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.9.6-20.el6rhs.src as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.src"
},
"product_reference": "vdsm-0:4.9.6-20.el6rhs.src",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.9.6-20.el6rhs.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.x86_64"
},
"product_reference": "vdsm-0:4.9.6-20.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch"
},
"product_reference": "vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-cli-0:4.9.6-20.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:vdsm-cli-0:4.9.6-20.el6rhs.noarch"
},
"product_reference": "vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch"
},
"product_reference": "vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64"
},
"product_reference": "vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-gluster-0:4.9.6-20.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:vdsm-gluster-0:4.9.6-20.el6rhs.noarch"
},
"product_reference": "vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch"
},
"product_reference": "vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch"
},
"product_reference": "vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-python-0:4.9.6-20.el6rhs.x86_64 as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:vdsm-python-0:4.9.6-20.el6rhs.x86_64"
},
"product_reference": "vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-reg-0:4.9.6-20.el6rhs.noarch as a component of Red Hat Storage Server 2.0",
"product_id": "6Server-RHS-6.2.z:vdsm-reg-0:4.9.6-20.el6rhs.noarch"
},
"product_reference": "vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHS-6.2.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-0:2.0.techpreview1-4.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.noarch"
},
"product_reference": "rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-0:2.0.techpreview1-4.el6rhs.src as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.src"
},
"product_reference": "rhsc-0:2.0.techpreview1-4.el6rhs.src",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch"
},
"product_reference": "rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch"
},
"product_reference": "rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch"
},
"product_reference": "rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch"
},
"product_reference": "rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch"
},
"product_reference": "rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch"
},
"product_reference": "rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch"
},
"product_reference": "rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch"
},
"product_reference": "rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch"
},
"product_reference": "rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch"
},
"product_reference": "rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch"
},
"product_reference": "rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-0:4.9.6-20.el6rhs.src as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:vdsm-0:4.9.6-20.el6rhs.src"
},
"product_reference": "vdsm-0:4.9.6-20.el6rhs.src",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch as a component of Red Hat Storage 2.0 Console",
"product_id": "6Server-RHSC:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch"
},
"product_reference": "vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"relates_to_product_reference": "6Server-RHSC"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.3.0.7rhs-1.el6.src as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.src"
},
"product_reference": "glusterfs-0:3.3.0.7rhs-1.el6.src",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-0:3.3.0.7rhs-1.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.x86_64"
},
"product_reference": "glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64"
},
"product_reference": "glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64"
},
"product_reference": "glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64"
},
"product_reference": "glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 6",
"product_id": "6Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64"
},
"product_reference": "glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64",
"relates_to_product_reference": "6Server-RHSClient"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sebastian Krahmer"
],
"organization": "SUSE Security Team"
}
],
"cve": "CVE-2012-4406",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2012-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "854757"
}
],
"notes": [
{
"category": "description",
"text": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Openstack-Swift: insecure use of python pickle()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.src",
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"6Server-RHS-6.2.z:appliance-0:1.7.1-1.el6rhs.src",
"6Server-RHS-6.2.z:appliance-base-0:1.7.1-1.el6rhs.noarch",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.src",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-devel-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-libs-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.src",
"6Server-RHS-6.2.z:gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.src",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:rhn-check-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.src",
"6Server-RHS-6.2.z:rhn-setup-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.src",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-devel-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-lib-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-python-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.noarch",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.src",
"6Server-RHSC:rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHSC:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.src",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4406"
},
{
"category": "external",
"summary": "RHBZ#854757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4406",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4406"
}
],
"release_date": "2012-05-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-28T22:14:00+00:00",
"details": "All users of Red Hat Storage are advised to upgrade to these updated\npackages.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.src",
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"6Server-RHS-6.2.z:appliance-0:1.7.1-1.el6rhs.src",
"6Server-RHS-6.2.z:appliance-base-0:1.7.1-1.el6rhs.noarch",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.src",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-devel-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-libs-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.src",
"6Server-RHS-6.2.z:gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.src",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:rhn-check-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.src",
"6Server-RHS-6.2.z:rhn-setup-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.src",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-devel-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-lib-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-python-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.noarch",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.src",
"6Server-RHSC:rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHSC:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.src",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0691"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.src",
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"6Server-RHS-6.2.z:appliance-0:1.7.1-1.el6rhs.src",
"6Server-RHS-6.2.z:appliance-base-0:1.7.1-1.el6rhs.noarch",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.src",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-devel-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-libs-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.src",
"6Server-RHS-6.2.z:gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.src",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:rhn-check-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.src",
"6Server-RHS-6.2.z:rhn-setup-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.src",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-devel-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-lib-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-python-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.noarch",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.src",
"6Server-RHSC:rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHSC:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.src",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Openstack-Swift: insecure use of python pickle()"
},
{
"acknowledgments": [
{
"names": [
"Kurt Seifried"
],
"organization": "Red Hat Security Response Team",
"summary": "This issue was discovered by Red Hat."
},
{
"names": [
"Michael Scherer"
],
"organization": "Red Hat Regional IT team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-5635",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2012-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "886364"
}
],
"notes": [
{
"category": "description",
"text": "Multiple insecure temporary file creation flaws were found in Red Hat Storage. A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GlusterFS: insecure temporary file creation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.src",
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"6Server-RHS-6.2.z:appliance-0:1.7.1-1.el6rhs.src",
"6Server-RHS-6.2.z:appliance-base-0:1.7.1-1.el6rhs.noarch",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.src",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-devel-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-libs-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.src",
"6Server-RHS-6.2.z:gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.src",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:rhn-check-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.src",
"6Server-RHS-6.2.z:rhn-setup-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.src",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-devel-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-lib-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-python-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.noarch",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.src",
"6Server-RHSC:rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHSC:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.src",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5635"
},
{
"category": "external",
"summary": "RHBZ#886364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=886364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5635",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5635"
}
],
"release_date": "2013-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-28T22:14:00+00:00",
"details": "All users of Red Hat Storage are advised to upgrade to these updated\npackages.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.src",
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"6Server-RHS-6.2.z:appliance-0:1.7.1-1.el6rhs.src",
"6Server-RHS-6.2.z:appliance-base-0:1.7.1-1.el6rhs.noarch",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.src",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-devel-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-libs-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.src",
"6Server-RHS-6.2.z:gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.src",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:rhn-check-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.src",
"6Server-RHS-6.2.z:rhn-setup-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.src",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-devel-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-lib-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-python-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.noarch",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.src",
"6Server-RHSC:rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHSC:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.src",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0691"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.src",
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"6Server-RHS-6.2.z:appliance-0:1.7.1-1.el6rhs.src",
"6Server-RHS-6.2.z:appliance-base-0:1.7.1-1.el6rhs.noarch",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.src",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-devel-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-libs-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.src",
"6Server-RHS-6.2.z:gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.src",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:rhn-check-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.src",
"6Server-RHS-6.2.z:rhn-setup-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.src",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-devel-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-lib-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-python-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.noarch",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.src",
"6Server-RHSC:rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHSC:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.src",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "GlusterFS: insecure temporary file creation"
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-5638",
"discovery_date": "2012-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "887010"
}
],
"notes": [
{
"category": "description",
"text": "The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sanlock world writable /var/log/sanlock.log",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.src",
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"6Server-RHS-6.2.z:appliance-0:1.7.1-1.el6rhs.src",
"6Server-RHS-6.2.z:appliance-base-0:1.7.1-1.el6rhs.noarch",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.src",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-devel-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-libs-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.src",
"6Server-RHS-6.2.z:gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.src",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:rhn-check-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.src",
"6Server-RHS-6.2.z:rhn-setup-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.src",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-devel-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-lib-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-python-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.noarch",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.src",
"6Server-RHSC:rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHSC:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.src",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5638"
},
{
"category": "external",
"summary": "RHBZ#887010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887010"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5638",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5638"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5638",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5638"
}
],
"release_date": "2012-08-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-03-28T22:14:00+00:00",
"details": "All users of Red Hat Storage are advised to upgrade to these updated\npackages.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.src",
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"6Server-RHS-6.2.z:appliance-0:1.7.1-1.el6rhs.src",
"6Server-RHS-6.2.z:appliance-base-0:1.7.1-1.el6rhs.noarch",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.src",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-devel-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-libs-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.src",
"6Server-RHS-6.2.z:gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.src",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:rhn-check-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.src",
"6Server-RHS-6.2.z:rhn-setup-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.src",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-devel-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-lib-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-python-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.noarch",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.src",
"6Server-RHSC:rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHSC:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.src",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0691"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.src",
"5Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el5.x86_64",
"5Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el5.x86_64",
"6Server-RHS-6.2.z:appliance-0:1.7.1-1.el6rhs.src",
"6Server-RHS-6.2.z:appliance-base-0:1.7.1-1.el6rhs.noarch",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.src",
"6Server-RHS-6.2.z:augeas-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-debuginfo-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-devel-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:augeas-libs-0:0.9.0-1.el6.x86_64",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-0:1.4.8-5.el6rhs.src",
"6Server-RHS-6.2.z:gluster-swift-account-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-container-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-doc-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-object-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:gluster-swift-proxy-0:1.4.8-5.el6rhs.noarch",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.src",
"6Server-RHS-6.2.z:glusterfs-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-devel-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:glusterfs-server-0:3.3.0.7rhs-1.el6rhs.x86_64",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.src",
"6Server-RHS-6.2.z:libvirt-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-client-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-debuginfo-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-devel-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-lock-sanlock-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:libvirt-python-0:0.9.10-21.el6_3.8.x86_64",
"6Server-RHS-6.2.z:rhn-check-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-client-tools-0:1.0.0-73.el6rhs.src",
"6Server-RHS-6.2.z:rhn-setup-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:rhn-setup-gnome-0:1.0.0-73.el6rhs.noarch",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.src",
"6Server-RHS-6.2.z:sanlock-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-debuginfo-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-devel-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-lib-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sanlock-python-0:2.3-4.el6_3.x86_64",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.noarch",
"6Server-RHS-6.2.z:sos-0:2.2-17.2.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHS-6.2.z:vdsm-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-cli-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debug-plugin-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-debuginfo-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-gluster-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-faqemu-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-hook-vhostmd-0:4.9.6-20.el6rhs.noarch",
"6Server-RHS-6.2.z:vdsm-python-0:4.9.6-20.el6rhs.x86_64",
"6Server-RHS-6.2.z:vdsm-reg-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-0:2.0.techpreview1-4.el6rhs.src",
"6Server-RHSC:rhsc-backend-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-config-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-genericapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-notification-service-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-restapi-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-setup-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-tools-common-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-userportal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs.noarch",
"6Server-RHSC:vdsm-0:4.9.6-20.el6rhs.src",
"6Server-RHSC:vdsm-bootstrap-0:4.9.6-20.el6rhs.noarch",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.src",
"6Server-RHSClient:glusterfs-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-debuginfo-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-devel-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-fuse-0:3.3.0.7rhs-1.el6.x86_64",
"6Server-RHSClient:glusterfs-rdma-0:3.3.0.7rhs-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "sanlock world writable /var/log/sanlock.log"
}
]
}
rhsa-2012:1379
Vulnerability from csaf_redhat
Published
2012-10-16 17:44
Modified
2024-11-22 06:02
Summary
Red Hat Security Advisory: openstack-swift security update
Notes
Topic
Updated openstack-swift packages that fix one security issue are now
available for Red Hat OpenStack Essex.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Details
OpenStack Swift (http://swift.openstack.org) is a highly available,
distributed, eventually consistent object/blob store.
It was found that OpenStack Swift used the Python pickle module in an
insecure way to serialize and deserialize data from memcached. As
memcached does not have authentication, an attacker on the local network,
or possibly an unprivileged user in a virtual machine hosted on OpenStack,
could use this flaw to inject specially-crafted data that would lead to
arbitrary code execution. (CVE-2012-4406)
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting this issue.
Note: The fix for CVE-2012-4406 is not enabled by default, and requires
manual action on the affected Proxy nodes. This update adds a
"memcache_serialization_support" option. It is configured in
"/etc/swift/proxy-server.conf" and is set to "0" by default. This default
setting is vulnerable to CVE-2012-4406.
To enable the fix, this option must be changed; however, the required
changes can have a temporary, large performance impact. The following
instructions aim to minimize performance issues:
1) Install the updated openstack-swift packages.
2) In "/etc/swift/proxy-server.conf", set the
"memcache_serialization_support" option in the memcache/[filter:cache]
section to "1". (The default value, "0", leaves you vulnerable to
CVE-2012-4406.) When set to "1", the JSON (JavaScript Object Notation)
format is used but pickle is still supported. This configuration is still
vulnerable, but new data will be stored in JSON format.
3) After setting the option to "1", run "service openstack-swift-proxy
restart".
4) After 24 hours, set the "memcache_serialization_support" option in
"/etc/swift/proxy-server.conf" to "2". "2" is the secure option: only JSON
is used.
5) After setting the option to "2", run "service openstack-swift-proxy
restart".
If "memcache_serialization_support" is set directly from "0" to "2", all
data in memcached will be flushed and re-created. This can lead to a
temporary, large performance impact.
All users of openstack-swift are advised to upgrade to these updated
packages, which correct this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated openstack-swift packages that fix one security issue are now\navailable for Red Hat OpenStack Essex.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenStack Swift (http://swift.openstack.org) is a highly available,\ndistributed, eventually consistent object/blob store.\n\nIt was found that OpenStack Swift used the Python pickle module in an\ninsecure way to serialize and deserialize data from memcached. As\nmemcached does not have authentication, an attacker on the local network,\nor possibly an unprivileged user in a virtual machine hosted on OpenStack,\ncould use this flaw to inject specially-crafted data that would lead to\narbitrary code execution. (CVE-2012-4406)\n\nRed Hat would like to thank Sebastian Krahmer of the SUSE Security Team for\nreporting this issue.\n\nNote: The fix for CVE-2012-4406 is not enabled by default, and requires\nmanual action on the affected Proxy nodes. This update adds a\n\"memcache_serialization_support\" option. It is configured in\n\"/etc/swift/proxy-server.conf\" and is set to \"0\" by default. This default\nsetting is vulnerable to CVE-2012-4406.\n\nTo enable the fix, this option must be changed; however, the required\nchanges can have a temporary, large performance impact. The following\ninstructions aim to minimize performance issues:\n\n1) Install the updated openstack-swift packages.\n\n2) In \"/etc/swift/proxy-server.conf\", set the\n\"memcache_serialization_support\" option in the memcache/[filter:cache]\nsection to \"1\". (The default value, \"0\", leaves you vulnerable to\nCVE-2012-4406.) When set to \"1\", the JSON (JavaScript Object Notation)\nformat is used but pickle is still supported. This configuration is still\nvulnerable, but new data will be stored in JSON format.\n\n3) After setting the option to \"1\", run \"service openstack-swift-proxy\nrestart\".\n\n4) After 24 hours, set the \"memcache_serialization_support\" option in\n\"/etc/swift/proxy-server.conf\" to \"2\". \"2\" is the secure option: only JSON\nis used.\n\n5) After setting the option to \"2\", run \"service openstack-swift-proxy\nrestart\".\n\nIf \"memcache_serialization_support\" is set directly from \"0\" to \"2\", all\ndata in memcached will be flushed and re-created. This can lead to a\ntemporary, large performance impact.\n\nAll users of openstack-swift are advised to upgrade to these updated\npackages, which correct this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:1379",
"url": "https://access.redhat.com/errata/RHSA-2012:1379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "854757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1379.json"
}
],
"title": "Red Hat Security Advisory: openstack-swift security update",
"tracking": {
"current_release_date": "2024-11-22T06:02:07+00:00",
"generator": {
"date": "2024-11-22T06:02:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2012:1379",
"initial_release_date": "2012-10-16T17:44:00+00:00",
"revision_history": [
{
"date": "2012-10-16T17:44:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-10-16T17:44:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:02:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOS Essex Release",
"product": {
"name": "RHOS Essex Release",
"product_id": "6Server-Essex",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-swift-account-0:1.4.8-5.el6.noarch",
"product": {
"name": "openstack-swift-account-0:1.4.8-5.el6.noarch",
"product_id": "openstack-swift-account-0:1.4.8-5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-swift-account@1.4.8-5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-swift-proxy-0:1.4.8-5.el6.noarch",
"product": {
"name": "openstack-swift-proxy-0:1.4.8-5.el6.noarch",
"product_id": "openstack-swift-proxy-0:1.4.8-5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-swift-proxy@1.4.8-5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-swift-0:1.4.8-5.el6.noarch",
"product": {
"name": "openstack-swift-0:1.4.8-5.el6.noarch",
"product_id": "openstack-swift-0:1.4.8-5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-swift@1.4.8-5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-swift-object-0:1.4.8-5.el6.noarch",
"product": {
"name": "openstack-swift-object-0:1.4.8-5.el6.noarch",
"product_id": "openstack-swift-object-0:1.4.8-5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-swift-object@1.4.8-5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-swift-container-0:1.4.8-5.el6.noarch",
"product": {
"name": "openstack-swift-container-0:1.4.8-5.el6.noarch",
"product_id": "openstack-swift-container-0:1.4.8-5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-swift-container@1.4.8-5.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-swift-doc-0:1.4.8-5.el6.noarch",
"product": {
"name": "openstack-swift-doc-0:1.4.8-5.el6.noarch",
"product_id": "openstack-swift-doc-0:1.4.8-5.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-swift-doc@1.4.8-5.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-swift-0:1.4.8-5.el6.src",
"product": {
"name": "openstack-swift-0:1.4.8-5.el6.src",
"product_id": "openstack-swift-0:1.4.8-5.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-swift@1.4.8-5.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-swift-0:1.4.8-5.el6.noarch as a component of RHOS Essex Release",
"product_id": "6Server-Essex:openstack-swift-0:1.4.8-5.el6.noarch"
},
"product_reference": "openstack-swift-0:1.4.8-5.el6.noarch",
"relates_to_product_reference": "6Server-Essex"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-swift-0:1.4.8-5.el6.src as a component of RHOS Essex Release",
"product_id": "6Server-Essex:openstack-swift-0:1.4.8-5.el6.src"
},
"product_reference": "openstack-swift-0:1.4.8-5.el6.src",
"relates_to_product_reference": "6Server-Essex"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-swift-account-0:1.4.8-5.el6.noarch as a component of RHOS Essex Release",
"product_id": "6Server-Essex:openstack-swift-account-0:1.4.8-5.el6.noarch"
},
"product_reference": "openstack-swift-account-0:1.4.8-5.el6.noarch",
"relates_to_product_reference": "6Server-Essex"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-swift-container-0:1.4.8-5.el6.noarch as a component of RHOS Essex Release",
"product_id": "6Server-Essex:openstack-swift-container-0:1.4.8-5.el6.noarch"
},
"product_reference": "openstack-swift-container-0:1.4.8-5.el6.noarch",
"relates_to_product_reference": "6Server-Essex"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-swift-doc-0:1.4.8-5.el6.noarch as a component of RHOS Essex Release",
"product_id": "6Server-Essex:openstack-swift-doc-0:1.4.8-5.el6.noarch"
},
"product_reference": "openstack-swift-doc-0:1.4.8-5.el6.noarch",
"relates_to_product_reference": "6Server-Essex"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-swift-object-0:1.4.8-5.el6.noarch as a component of RHOS Essex Release",
"product_id": "6Server-Essex:openstack-swift-object-0:1.4.8-5.el6.noarch"
},
"product_reference": "openstack-swift-object-0:1.4.8-5.el6.noarch",
"relates_to_product_reference": "6Server-Essex"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-swift-proxy-0:1.4.8-5.el6.noarch as a component of RHOS Essex Release",
"product_id": "6Server-Essex:openstack-swift-proxy-0:1.4.8-5.el6.noarch"
},
"product_reference": "openstack-swift-proxy-0:1.4.8-5.el6.noarch",
"relates_to_product_reference": "6Server-Essex"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Sebastian Krahmer"
],
"organization": "SUSE Security Team"
}
],
"cve": "CVE-2012-4406",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2012-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "854757"
}
],
"notes": [
{
"category": "description",
"text": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Openstack-Swift: insecure use of python pickle()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Essex:openstack-swift-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-0:1.4.8-5.el6.src",
"6Server-Essex:openstack-swift-account-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-container-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-doc-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-object-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-proxy-0:1.4.8-5.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4406"
},
{
"category": "external",
"summary": "RHBZ#854757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4406",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4406"
}
],
"release_date": "2012-05-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-10-16T17:44:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-Essex:openstack-swift-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-0:1.4.8-5.el6.src",
"6Server-Essex:openstack-swift-account-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-container-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-doc-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-object-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-proxy-0:1.4.8-5.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1379"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-Essex:openstack-swift-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-0:1.4.8-5.el6.src",
"6Server-Essex:openstack-swift-account-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-container-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-doc-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-object-0:1.4.8-5.el6.noarch",
"6Server-Essex:openstack-swift-proxy-0:1.4.8-5.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Openstack-Swift: insecure use of python pickle()"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…