CentOS Errata and Security Advisory 2020:5434 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2020:5434

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
a5909e444b1d27c443afbbb9a2c128c3ee271e86aed9bea120cceb657e7bc326  targetcli-2.1.53-1.el7_9.noarch.rpm

Source:
3d9e97c3f67fa68079d62f5561f6f06c31673472f5ade5adc4781f3aa14dec5c  targetcli-2.1.53-1.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { https://www.centos.org/ }
irc: hughesjr, #

Synopsis: Moderate: targetcli security update
Advisory ID: SLSA-2020:5434-1
Issue Date: 2020-12-15
CVE Numbers: None
--

Security Fix(es):

* targetcli: weak permissions for /etc/target and backup files (CVE-2020-13867)
--

SL7
  noarch
    targetcli-2.1.53-1.el7_9.noarch.rpm

- Scientific Linux Development Team

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: targetcli security update
Advisory ID: RHSA-2020:5434-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5434
Issue date: 2020-12-15
CVE Names: CVE-2020-13867
====================================================================

1. Summary:

An update for targetcli is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The targetcli package contains an administration shell for configuring Internet Small Computer System Interface (iSCSI), Fibre Channel over Ethernet (FCoE), and other SCSI targets, using the Target Core Mod/Linux-IO (TCM/LIO) kernel target subsystem. FCoE users also need to install and use the fcoe-utils package.

The following packages have been upgraded to a later upstream version: targetcli (2.1.53). (BZ#1853645)

Security Fix(es):

* targetcli: weak permissions for /etc/target and backup files (CVE-2020-13867)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1848143 - CVE-2020-13867 targetcli: weak permissions for /etc/target and backup files

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
targetcli-2.1.53-1.el7_9.src.rpm

noarch:
targetcli-2.1.53-1.el7_9.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
targetcli-2.1.53-1.el7_9.src.rpm

noarch:
targetcli-2.1.53-1.el7_9.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
targetcli-2.1.53-1.el7_9.src.rpm

noarch:
targetcli-2.1.53-1.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
targetcli-2.1.53-1.el7_9.src.rpm

noarch:
targetcli-2.1.53-1.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-13867
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
--
RHSA-announce mailing list

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: targetcli security and enhancement update
Advisory ID: RHSA-2020:4697-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4697
Issue date: 2020-11-03
CVE Names: CVE-2020-13867
====================================================================

1. Summary:

An update for targetcli is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - noarch

3. Description:

The targetcli package contains an administration shell for configuring Internet Small Computer System Interface (iSCSI), Fibre Channel over Ethernet (FCoE), and other SCSI targets, using the Target Core Mod/Linux-IO (TCM/LIO) kernel target subsystem. FCoE users also need to install and use the fcoe-utils package.

The following packages have been upgraded to a later upstream version: targetcli (2.1.53). (BZ#1845167)

Security Fix(es):

* targetcli: weak permissions for /etc/target and backup files (CVE-2020-13867)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1820167 - RHEL8.3: update targetcli to latest version
1848143 - CVE-2020-13867 targetcli: weak permissions for /etc/target and backup files

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
targetcli-2.1.53-1.el8.src.rpm

noarch:
targetcli-2.1.53-1.el8.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-13867
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

MGASA-2020-0326 - Updated targetcli packages fix security vulnerability

Publication date: 18 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0326.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-13867

An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highest threat from this vulnerability is to confidentiality (CVE-2020-13867).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27041
- https://lists.fedoraproject.org/archives/list/
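
A check an administrator could run for the condition described above, as an added example that is not part of any of the advisories. The function names are hypothetical, and treating any permission bit for "other" as a finding is an assumption of this sketch, not the vendors' stated fix.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
# Paths come from the advisory text: /etc/target and the files below it.

# Print every non-symlink entry under the root that grants read, write or
# execute to "other". -perm -MODE matches when all bits of MODE are set.
list_other_accessible() {
    root="${1:-/etc/target}"
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    find "$root" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of exposed entries (0 means nothing under the root is open to "other").
count_other_accessible() {
    list_other_accessible "$1" | wc -l | tr -d ' '
}

# Report with mode and owner per entry.
# Exit status: 0 clean, 1 exposed entries found, 2 root could not be audited.
report_target_perms() {
    root="${1:-/etc/target}"
    list_other_accessible "$root" >/dev/null || return 2
    n=$(count_other_accessible "$root")
    if [ "$n" -eq 0 ]; then
        echo "OK: nothing under $root is accessible to other users"
        return 0
    fi
    echo "EXPOSED: $n entries under $root are accessible to other users"
    list_other_accessible "$root" | while IFS= read -r p; do ls -ld "$p"; done
    return 1
}
```

Run `report_target_perms` as root on a host with targetcli installed; with no argument it audits /etc/target, including saveconfig.json and the backup directory.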

SUSE Security Update: Security update for targetcli-fb
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2101-1
Rating: moderate
References: #1172743
Cross-References: CVE-2020-13867
Affected Products:
  SUSE Linux Enterprise Module for Python2 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for targetcli-fb fixes the following issues:

- CVE-2020-13867: Fixed the permissions in /etc/target (bsc#1172743)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Python2 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2101=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2101=1

Package List:

- SUSE Linux Enterprise Module for Python2 15-SP2 (noarch):

  python2-targetcli-fb-2.1.52-3.3.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

  python3-targetcli-fb-2.1.52-3.3.1
  targetcli-fb-common-2.1.52-3.3.1

References:

https://www.suse.com/security/cve/CVE-2020-13867.html
https://bugzilla.suse.com/1172743
_______________________________________________
sle-security-updates mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-83d2616f81
2020-07-22 01:05:11.869386
--------------------------------------------------------------------------------

Name        : targetcli
Product     : Fedora 32
Version     : 2.1.53
Release     : 1.fc32
URL         : https://github.com/open-iscsi/targetcli-fb
Summary     : An administration shell for storage targets
Description :
An administration shell for configuring iSCSI, FCoE, and other SCSI targets, using the TCM/LIO kernel target subsystem. FCoE users will also need to install and use fcoe-utils.

--------------------------------------------------------------------------------
Update Information:

Update to version 2.1.53
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 10 2020 Maurizio Lombardi - 2.1.53-1
- Update to new version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1848144 - CVE-2020-13867 targetcli: weak permissions for /etc/target and backup files [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1848144
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-83d2616f81' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

====================================================================
Red Hat Security Advisory

Synopsis: Important: targetcli security update
Advisory ID: RHSA-2020:1933-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1933
Issue date: 2020-04-28
CVE Names: CVE-2020-10699
====================================================================

1. Summary:

An update for targetcli is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - noarch

3. Description:

The targetcli package contains an administration shell for configuring Internet Small Computer System Interface (iSCSI), Fibre Channel over Ethernet (FCoE), and other SCSI targets, using the Target Core Mod/Linux-IO (TCM/LIO) kernel target subsystem. FCoE users also need to install and use the fcoe-utils package.

Security Fix(es):

* targetcli: world writable /var/run/targetclid.sock allows unprivileged user to execute commands (CVE-2020-10699)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1819219 - CVE-2020-10699 targetcli: world writable /var/run/targetclid.sock allows unprivileged user to execute commands

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
targetcli-2.1.51-4.el8_2.src.rpm

noarch:
targetcli-2.1.51-4.el8_2.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10699
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.