SUSE-SU-2021:0158-1

Опубликовано: 18 янв. 2021

Источник: suse-cvrf

Описание

Security update for tcmu-runner

This update for tcmu-runner fixes the following issue:

CVE-2021-3139: Fixed a LIO security issue (bsc#1180676).

Список пакетов

SUSE Enterprise Storage 6

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

SUSE Linux Enterprise Server 15 SP1-BCL

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

SUSE Linux Enterprise Server 15 SP1-LTSS

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

SUSE Linux Enterprise Server 15-LTSS

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

SUSE Linux Enterprise Server for SAP Applications 15

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

SUSE Manager Proxy 4.0

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

SUSE Manager Retail Branch Server 4.0

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

SUSE Manager Server 4.0

libtcmu2-1.4.0-3.9.1

tcmu-runner-1.4.0-3.9.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20210158-1/
Link for SUSE-SU-2021:0158-1
https://lists.suse.com/pipermail/sle-security-updates/2021-January/008219.html
E-Mail link for SUSE-SU-2021:0158-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1180676
SUSE Bug 1180676
https://www.suse.com/security/cve/CVE-2021-3139/
SUSE CVE CVE-2021-3139 page

Описание

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.

Затронутые продукты

SUSE Enterprise Storage 6:libtcmu2-1.4.0-3.9.1

SUSE Enterprise Storage 6:tcmu-runner-1.4.0-3.9.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libtcmu2-1.4.0-3.9.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:tcmu-runner-1.4.0-3.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3139.html
CVE-2021-3139
https://bugzilla.suse.com/1178684
SUSE Bug 1178684
https://bugzilla.suse.com/1180676
SUSE Bug 1180676

SUSE-SU-2021:0158-1

Описание

Список пакетов

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Server 15 SP1-BCL

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

SUSE Linux Enterprise Server for SAP Applications 15 SP1

SUSE Manager Proxy 4.0

SUSE Manager Retail Branch Server 4.0

SUSE Manager Server 4.0

Ссылки

Уязвимость: CVE-2021-3139

Описание

Затронутые продукты

Ссылки