
openSUSE Leap 15.2: 2021:0089-1 Important: open-iscsi Security Update

January 16, 2021
Important openSUSE Security Patch for open-iscsi resolves several vulnerabilities including buffer overflows and connection handling errors.
An update that contains security fixes can now be installed

Description

This update for open-iscsi fixes the following issues:

- Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908, including:

* uip: check for TCP urgent pointer past end of frame

* uip: check for u8 overflow when processing TCP options

* uip: check for header length underflow during checksum calculation

* fwparam_ppc: Fix memory leak in fwparam_ppc.c

* iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c

* fwparam_ppc: Fix illegal memory access in fwparam_ppc.c

* sysfs: Verify parameter of sysfs_device_get()

* fwparam_ppc: Fix NULL pointer dereference in find_devtree()

* open-iscsi: Clean user_param list when process exit

* iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev()

* open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req()

* open-iscsi: Fix invalid pointer dereference in find_initiator()

* iscsiuio: Fix invalid parameter when call fstat()

* iscsi-iname:...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-89=1

Package List

- openSUSE Leap 15.2 (i586 x86_64):

iscsiuio-0.7.8.6-lp152.18.6.1

iscsiuio-debuginfo-0.7.8.6-lp152.18.6.1

libopeniscsiusr0_2_0-2.1.3-lp152.18.6.1

libopeniscsiusr0_2_0-debuginfo-2.1.3-lp152.18.6.1

open-iscsi-2.1.3-lp152.18.6.1

open-iscsi-debuginfo-2.1.3-lp152.18.6.1

open-iscsi-debugsource-2.1.3-lp152.18.6.1

open-iscsi-devel-2.1.3-lp152.18.6.1
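
To confirm that a host has reached the fixed package levels listed above, the following added example (not part of the original advisory) compares an rpm inventory against them. The function names and the sample inventory are constructed for illustration, and GNU "sort -V" is assumed as an approximation of rpm's version ordering.

```shell
#!/bin/sh
# Fixed versions copied from the advisory's Package List (debug packages omitted).
FIXED="iscsiuio 0.7.8.6-lp152.18.6.1
libopeniscsiusr0_2_0 2.1.3-lp152.18.6.1
open-iscsi 2.1.3-lp152.18.6.1
open-iscsi-devel 2.1.3-lp152.18.6.1"

# ver_ge A B: true when version-release A sorts at or after B.
# Assumption: GNU "sort -V" ordering stands in for rpm's own comparison.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# audit_inventory: reads "name version-release" lines on stdin, reports every
# listed package below its fixed level, and returns 1 if any was found.
audit_inventory() {
    rc=0
    while read -r name evr; do
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue          # package not covered by this advisory
        if ! ver_ge "$evr" "$fixed"; then
            echo "NOT PATCHED: $name $evr (fixed in $fixed)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory (not taken from a real host).
SAMPLE="bash 4.4-lp152.1.1
open-iscsi 2.1.2-lp152.18.3.1
iscsiuio 0.7.8.6-lp152.18.6.1"

printf '%s\n' "$SAMPLE" | audit_inventory ||
    echo "run: zypper in -t patch openSUSE-2021-89=1"

# On a live host, feed the real inventory instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_inventory
```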

References

https://bugzilla.suse.com/1179440

https://bugzilla.suse.com/1179908

Severity
important

Announcement ID: openSUSE-SU-2021:0089-1
Rating: important
Affected Products: openSUSE Leap 15.2
