openSUSE-SU-2021:0128-1

Опубликовано: 20 янв. 2021

Источник: suse-cvrf

Описание

Security update for tcmu-runner

This update for tcmu-runner fixes the following issue:

CVE-2021-3139: Fixed a LIO security issue (bsc#1180676).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

libtcmu2-1.4.0-lp151.3.9.1

tcmu-runner-1.4.0-lp151.3.9.1

tcmu-runner-handler-rbd-1.4.0-lp151.3.9.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JYQLRIH544YEAMHU4GAXRYAFN2OW7FVX/
E-Mail link for openSUSE-SU-2021:0128-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1180676
SUSE Bug 1180676
https://www.suse.com/security/cve/CVE-2021-3139/
SUSE CVE CVE-2021-3139 page

Описание

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.

Затронутые продукты

openSUSE Leap 15.1:libtcmu2-1.4.0-lp151.3.9.1

openSUSE Leap 15.1:tcmu-runner-1.4.0-lp151.3.9.1

openSUSE Leap 15.1:tcmu-runner-handler-rbd-1.4.0-lp151.3.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3139.html
CVE-2021-3139
https://bugzilla.suse.com/1178684
SUSE Bug 1178684
https://bugzilla.suse.com/1180676
SUSE Bug 1180676

openSUSE-SU-2021:0128-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2021-3139

Описание

Затронутые продукты

Ссылки