Debian: [DSA 1314-1] New open-iscsi packages fix several vulnerabilities

    Date: 29 Jun 2007
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Several local and remote vulnerabilities have been discovered in open-iscsi, a transport-independent iSCSI implementation. One of the security flaws, discovered by Olaf Kirch, was that due to a programming error, access to the management interface socket was insufficiently protected, which allows denial of service.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1314-1
    http://www.debian.org/security/                         Moritz Muehlenhoff
    June 19th, 2007                         http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : open-iscsi
    Vulnerability  : several
    Problem-Type   : local/remote
    Debian-specific: no
    CVE ID         : CVE-2007-3099 CVE-2007-3100
    
    Several local and remote vulnerabilities have been discovered in
    open-iscsi, a transport-independent iSCSI implementation. The Common
    Vulnerabilities and Exposures project identifies the following problems:
    
    CVE-2007-3099
    
        Olaf Kirch discovered that due to a programming error access to the
        management interface socket was insufficiently protected, which allows
        denial of service.
    
    CVE-2007-3100
    
        Olaf Kirch discovered that access to a semaphore used in the logging
        code was insufficiently protected, allowing denial of service.
    
    The oldstable distribution (sarge) doesn't include open-iscsi.
    
    For the stable distribution (etch) these problems have been fixed
    in version 2.0.730-1etch1.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 2.0.865-1.
    
    We recommend that you upgrade your open-iscsi packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    -------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1.dsc
          Size/MD5 checksum:      592 c3ca52812e7394fbd46d4890d543d4e3
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1.diff.gz
          Size/MD5 checksum:     7611 55cd1fbd431d428bd16d0afd2137c875
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730.orig.tar.gz
          Size/MD5 checksum:   178486 6aea522b7e5699d4934ec37a11c82b78
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_alpha.deb
          Size/MD5 checksum:   139992 b567b7256f9c8895af6b08bb647612f2
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_amd64.deb
          Size/MD5 checksum:   126726 66d7ebc09fcedebb449686ff3906d8bd
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_arm.deb
          Size/MD5 checksum:   123180 fcdbeb68b4d9793b9f28ef72059bed38
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_hppa.deb
          Size/MD5 checksum:   123422 0215cb45c1061c9233ee5c883307c479
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_i386.deb
          Size/MD5 checksum:   112012 1a821f05ed1a9cc9d95d05a07a050f26
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_ia64.deb
          Size/MD5 checksum:   188172 cb60c8853f7c7206b0764707ac47e78b
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_mips.deb
          Size/MD5 checksum:   125214 e0c95f7b635638fef66818b1eea0b2bf
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_mipsel.deb
          Size/MD5 checksum:   124264 25b970039344dd406244ec9ca454cedb
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_powerpc.deb
          Size/MD5 checksum:   114856 ab099a8dcb293c4452f14ad9c1e030a0
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_s390.deb
          Size/MD5 checksum:   137232 2d5a617312409bf401e38c65cc3a0b69
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_sparc.deb
          Size/MD5 checksum:   114362 3df414bd3d53afe5878a4079e3165f81
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
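
One way to check a fetched package against its "Size/MD5 checksum" entry before running `dpkg -i`, as an added example that is not part of the original advisory; the function names, the sample file and the example.invalid URL are constructed for illustration. MD5 is no longer collision-resistant, so treat this as a transfer-integrity check only.

```shell
#!/bin/sh
# expected_sum ADVISORY PACKAGE
# Print "<size> <md5>" from the "Size/MD5 checksum" line that follows the URL
# whose last path component equals PACKAGE. Returns 1 if there is no entry.
expected_sum() {
    awk -v name="$(basename "$2")" '
        # URL line: remember whether it names the file we are checking.
        $1 ~ /^(http|ftp):\/\// { n = split($1, p, "/"); want = (p[n] == name); next }
        want && $1 == "Size/MD5" { print $(NF-1), $NF; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# verify_pkg ADVISORY PACKAGE
# Returns 0 when size and MD5 both match, 1 on mismatch, 2 when not listed.
verify_pkg() {
    exp=$(expected_sum "$1" "$2") || { echo "no advisory entry for $2" >&2; return 2; }
    exp_size=${exp% *}
    exp_md5=${exp#* }
    act_size=$(wc -c < "$2" | tr -d ' ')
    act_md5=$(md5sum "$2" | cut -d' ' -f1)
    if [ "$act_size" = "$exp_size" ] && [ "$act_md5" = "$exp_md5" ]; then
        return 0
    fi
    echo "MISMATCH for $2: got $act_size $act_md5, expected $exp" >&2
    return 1
}

# Constructed sample (not from the advisory): a 3-byte stand-in file and an
# entry written in the same layout the advisory uses.
demo() {
    d=$(mktemp -d) || return 1
    printf 'abc' > "$d/demo_1.0_all.deb"
    cat > "$d/advisory.txt" <<'EOF'
    http://example.invalid/pool/demo_1.0_all.deb
      Size/MD5 checksum:        3 900150983cd24fb0d6963f7d28e17f72
EOF
    verify_pkg "$d/advisory.txt" "$d/demo_1.0_all.deb" && echo "demo package OK"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

Point `verify_pkg` at a saved copy of the advisory text and the downloaded `.deb`, and install only when it returns 0.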