openSUSE-SU-2021:0097-1

Опубликовано: 17 янв. 2021

Источник: suse-cvrf

Описание

Security update for tcmu-runner

This update for tcmu-runner fixes the following issues:

CVE-2021-3139: Fixed a LIO security issue (bsc#1180676).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2

libtcmu2-1.5.2-lp152.2.3.1

tcmu-runner-1.5.2-lp152.2.3.1

tcmu-runner-handler-rbd-1.5.2-lp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PTFH53IA4W7XVWYIQM4NLLAGVV2F4GXC/
E-Mail link for openSUSE-SU-2021:0097-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1180676
SUSE Bug 1180676
https://www.suse.com/security/cve/CVE-2021-3139/
SUSE CVE CVE-2021-3139 page

Описание

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.

Затронутые продукты

openSUSE Leap 15.2:libtcmu2-1.5.2-lp152.2.3.1

openSUSE Leap 15.2:tcmu-runner-1.5.2-lp152.2.3.1

openSUSE Leap 15.2:tcmu-runner-handler-rbd-1.5.2-lp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3139.html
CVE-2021-3139
https://bugzilla.suse.com/1178684
SUSE Bug 1178684
https://bugzilla.suse.com/1180676
SUSE Bug 1180676

openSUSE-SU-2021:0097-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-3139

Описание

Затронутые продукты

Ссылки