Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

SUSE: 2021:0154-1 Critical: Open-Iscsi Buffer Overflow Patches

suse
Calendar Grey January 14, 2021
Dist Suse Esm H88
SUSE Security Patch for open-iscsi: Critical updates addressing memory leaks and security flaws. Update your system promptly!
An update that contains security fixes can now be installed

Summary

This update for open-iscsi fixes the following issues: - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908, including: * uip: check for TCP urgent pointer past end of frame * uip: check for u8 overflow when processing TCP options * uip: check for header length underflow during checksum calculation * fwparam_ppc: Fix memory leak in fwparam_ppc.c * iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c * fwparam_ppc: Fix illegal memory access in fwparam_ppc.c * sysfs: Verify parameter of sysfs_device_get() * fwparam_ppc: Fix NULL pointer dereference in find_devtree() * open-iscsi: Clean user_param list when process exit * iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev() * open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req()

References

#1179440 #1179908

Affected Products:

SUSE Linux Enterprise Module for Basesystem 15-SP2

https://bugzilla.suse.com/1179440

https://bugzilla.suse.com/1179908

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0127-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.