[CLSA-2026:1777566732] Fix CVE(s): CVE-2018-10841
Type:
security
Severity:
Important
Release date:
2026-04-30 16:32:33 UTC
Description:
* SECURITY UPDATE: privilege escalation on glusterd nodes via the CLI RPC program being exposed on the TCP listener when management-plane SSL is enabled, allowing a TLS-authenticated client outside the trusted storage pool to issue privileged volume-management commands via gluster --remote-host
  - debian/patches/CVE-2018-10841.patch: drop gd_inet_programs[1] = &gd_svc_cli_prog rebinding in glusterd init() so the trusted-pool CLI program remains bound to the TCP listener and the full CLI RPC program continues to be served only over the local UNIX domain socket
  - CVE-2018-10841
Updated packages:
  • glusterfs-client_3.7.6-1ubuntu1+tuxcare.els2_amd64.deb
    sha:f256d87c468b2fd050abdac2fc4363aa8b02a130
  • glusterfs-common_3.7.6-1ubuntu1+tuxcare.els2_amd64.deb
    sha:03440a8a27d14c1256f1dee6cc1b9de63e9ffb15
  • glusterfs-server_3.7.6-1ubuntu1+tuxcare.els2_amd64.deb
    sha:9f015fc8712fe9175c11febed8b8c25c5c44c8f3
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.