Описание
Security update for tcmu-runner
This update for tcmu-runner fixes the following issues:
Security issues fixed:
- CVE-2017-1000198: The glfs handler allowed local DoS via crafted CheckConfig strings (bsc#1049485)
- CVE-2017-1000199: The qcow handler leaked information via the CheckConfig D-Bus method (bsc#1049491)
Список пакетов
SUSE Linux Enterprise Server 12 SP2
tcmu-runner-1.0.4-3.3.10
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
tcmu-runner-1.0.4-3.3.10
SUSE Linux Enterprise Server for SAP Applications 12 SP2
tcmu-runner-1.0.4-3.3.10
SUSE Linux Enterprise Software Development Kit 12 SP2
tcmu-runner-devel-1.0.4-3.3.10
Ссылки
- Link for SUSE-SU-2017:2601-1
- E-Mail link for SUSE-SU-2017:2601-1
- SUSE Security Ratings
- SUSE Bug 1049485
- SUSE Bug 1049491
- SUSE CVE CVE-2017-1000198 page
- SUSE CVE CVE-2017-1000199 page
Описание
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:tcmu-runner-1.0.4-3.3.10
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tcmu-runner-1.0.4-3.3.10
SUSE Linux Enterprise Server for SAP Applications 12 SP2:tcmu-runner-1.0.4-3.3.10
SUSE Linux Enterprise Software Development Kit 12 SP2:tcmu-runner-devel-1.0.4-3.3.10
Ссылки
- CVE-2017-1000198
- SUSE Bug 1049485
Описание
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2:tcmu-runner-1.0.4-3.3.10
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tcmu-runner-1.0.4-3.3.10
SUSE Linux Enterprise Server for SAP Applications 12 SP2:tcmu-runner-1.0.4-3.3.10
SUSE Linux Enterprise Software Development Kit 12 SP2:tcmu-runner-devel-1.0.4-3.3.10
Ссылки
- CVE-2017-1000199
- SUSE Bug 1049491