exploitDog

SUSE-SU-2021:0663-1

Опубликовано: 01 мар. 2021

Источник: suse-cvrf

Описание

Security update for open-iscsi

This update for open-iscsi fixes the following issues:

Fixes for CVE-2019-17437, CVE-2020-17438, CVE-2020-13987 and CVE-2020-13988 (bsc#1179908):

check for TCP urgent pointer past end of frame
check for u8 overflow when processing TCP options
check for header length underflow during checksum calculation

Список пакетов

Image SLES12-SP4-Azure-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-EC2-HVM-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-GCE-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-OCI-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-SAP-Azure

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-SAP-Azure-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-SAP-EC2-HVM

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-SAP-EC2-HVM-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-SAP-GCE

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-SAP-GCE-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-SAP-OCI-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-Azure-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-Azure-Basic-On-Demand

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-Azure-HPC-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-Azure-HPC-On-Demand

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-Azure-SAP-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-Azure-SAP-On-Demand

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-Azure-Standard-On-Demand

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-EC2-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-EC2-On-Demand

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-EC2-SAP-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-EC2-SAP-On-Demand

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-GCE-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-GCE-On-Demand

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-GCE-SAP-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-GCE-SAP-On-Demand

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-OCI-BYOS-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

SUSE Linux Enterprise Server 12 SP4-LTSS

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

SUSE Linux Enterprise Server 12 SP5

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

SUSE Linux Enterprise Server for SAP Applications 12 SP4

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

SUSE Linux Enterprise Server for SAP Applications 12 SP5

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

SUSE OpenStack Cloud 9

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

SUSE OpenStack Cloud Crowbar 9

iscsiuio-0.7.8.2-12.27.2

libopeniscsiusr0_2_0-2.0.876-12.27.2

open-iscsi-2.0.876-12.27.2

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20210663-1/
Link for SUSE-SU-2021:0663-1
https://lists.suse.com/pipermail/sle-security-updates/2021-March/008407.html
E-Mail link for SUSE-SU-2021:0663-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1179908
SUSE Bug 1179908
https://www.suse.com/security/cve/CVE-2020-13987/
SUSE CVE CVE-2020-13987 page
https://www.suse.com/security/cve/CVE-2020-13988/
SUSE CVE CVE-2020-13988 page
https://www.suse.com/security/cve/CVE-2020-17437/
SUSE CVE CVE-2020-17437 page
https://www.suse.com/security/cve/CVE-2020-17438/
SUSE CVE CVE-2020-17438 page

Описание

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.

Затронутые продукты

Image SLES12-SP4-Azure-BYOS:iscsiuio-0.7.8.2-12.27.2

Image SLES12-SP4-Azure-BYOS:libopeniscsiusr0_2_0-2.0.876-12.27.2

Image SLES12-SP4-Azure-BYOS:open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-EC2-HVM-BYOS:iscsiuio-0.7.8.2-12.27.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-13987.html
CVE-2020-13987
https://bugzilla.suse.com/1179907
SUSE Bug 1179907
https://bugzilla.suse.com/1179908
SUSE Bug 1179908
https://bugzilla.suse.com/1193385
SUSE Bug 1193385

Описание

An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.

Затронутые продукты

Image SLES12-SP4-Azure-BYOS:iscsiuio-0.7.8.2-12.27.2

Image SLES12-SP4-Azure-BYOS:libopeniscsiusr0_2_0-2.0.876-12.27.2

Image SLES12-SP4-Azure-BYOS:open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-EC2-HVM-BYOS:iscsiuio-0.7.8.2-12.27.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-13988.html
CVE-2020-13988
https://bugzilla.suse.com/1179907
SUSE Bug 1179907
https://bugzilla.suse.com/1179908
SUSE Bug 1179908
https://bugzilla.suse.com/1193385
SUSE Bug 1193385

Описание

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.

Затронутые продукты

Image SLES12-SP4-Azure-BYOS:iscsiuio-0.7.8.2-12.27.2

Image SLES12-SP4-Azure-BYOS:libopeniscsiusr0_2_0-2.0.876-12.27.2

Image SLES12-SP4-Azure-BYOS:open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-EC2-HVM-BYOS:iscsiuio-0.7.8.2-12.27.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-17437.html
CVE-2020-17437
https://bugzilla.suse.com/1179907
SUSE Bug 1179907
https://bugzilla.suse.com/1179908
SUSE Bug 1179908

Описание

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.

Затронутые продукты

Image SLES12-SP4-Azure-BYOS:iscsiuio-0.7.8.2-12.27.2

Image SLES12-SP4-Azure-BYOS:libopeniscsiusr0_2_0-2.0.876-12.27.2

Image SLES12-SP4-Azure-BYOS:open-iscsi-2.0.876-12.27.2

Image SLES12-SP4-EC2-HVM-BYOS:iscsiuio-0.7.8.2-12.27.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-17438.html
CVE-2020-17438
https://bugzilla.suse.com/1179907
SUSE Bug 1179907
https://bugzilla.suse.com/1179908
SUSE Bug 1179908

Уязвимость SUSE-SU-2021:0663-1