Описание
Recommended update for open-iscsi
This update for open-iscsi fixes the following issues:
- Enabled asynchronous logins for iscsi.service (bsc#1183421)
- Fixed a login issue when target is delayed
Список пакетов
Container suse/sles/15.2/virt-launcher:0.38.1
Image SLES15-SP2-Azure-Basic
Image SLES15-SP2-Azure-Standard
Image SLES15-SP2-BYOS-Azure
Image SLES15-SP2-BYOS-EC2-HVM
Image SLES15-SP2-BYOS-GCE
Image SLES15-SP2-CHOST-BYOS-Aliyun
Image SLES15-SP2-CHOST-BYOS-Azure
Image SLES15-SP2-CHOST-BYOS-EC2
Image SLES15-SP2-CHOST-BYOS-GCE
Image SLES15-SP2-EC2-HVM
Image SLES15-SP2-GCE
Image SLES15-SP2-HPC-Azure
Image SLES15-SP2-HPC-BYOS-Azure
Image SLES15-SP2-HPC-BYOS-EC2-HVM
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
Image SLES15-SP2-SAP-Azure
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP2-SAP-BYOS-Azure
Image SLES15-SP2-SAP-BYOS-EC2-HVM
Image SLES15-SP2-SAP-BYOS-GCE
Image SLES15-SP2-SAP-EC2-HVM
Image SLES15-SP2-SAP-GCE
SUSE Linux Enterprise Micro 5.0
SUSE Linux Enterprise Module for Basesystem 15 SP2
Ссылки
- Link for SUSE-RU-2021:1517-1
- E-Mail link for SUSE-RU-2021:1517-1
- SUSE Security Ratings
- SUSE Bug 1179908
- SUSE Bug 1183421
- SUSE CVE CVE-2020-13987 page
- SUSE CVE CVE-2020-13988 page
- SUSE CVE CVE-2020-17437 page
- SUSE CVE CVE-2020-17438 page
Описание
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
Затронутые продукты
Ссылки
- CVE-2020-13987
- SUSE Bug 1179907
- SUSE Bug 1179908
- SUSE Bug 1193385
Описание
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.
Затронутые продукты
Ссылки
- CVE-2020-13988
- SUSE Bug 1179907
- SUSE Bug 1179908
- SUSE Bug 1193385
Описание
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.
Затронутые продукты
Ссылки
- CVE-2020-17437
- SUSE Bug 1179907
- SUSE Bug 1179908
Описание
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.
Затронутые продукты
Ссылки
- CVE-2020-17438
- SUSE Bug 1179907
- SUSE Bug 1179908