X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 29 Nov 2017 03:34:55 +0000 (UTC) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tcmu-runner security update Advisory ID: RHSA-2017:3277-01 Product: Red Hat Gluster Storage Advisory URL: https://access.redhat.com/errata/RHSA-2017:3277 Issue date: 2017-11-29 CVE Names: CVE-2017-1000198 CVE-2017-1000199 CVE-2017-1000200 CVE-2017-1000201 ===================================================================== 1. Summary: An update for tcmu-runner is now available for Red Hat Gluster Storage 3.3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Gluster Storage Server 3.3 on RHEL-7 - x86_64 3. Description: The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface (TCMU). It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores. Security Fix(es): * A flaw was found in the implementation of CheckConfig method in handler_glfs.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could send a specially crafted string to CheckConfig method resulting in various kinds of segmentation fault. (CVE-2017-1000198) * A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call the UnregisterHandler method with the name of a handler loaded internally in tcmu-runner via dlopen() to trigger DoS. (CVE-2017-1000200) * A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call UnregisterHandler method with non-existing tcmu handler as paramater to trigger DoS. (CVE-2017-1000201) * A file information leak flaw was found in implementation of the CheckConfig method in handler_qcow.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could use this flaw to leak arbitrary file names which might not be retrievable by non-root user. (CVE-2017-1000199) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1472332 - tcmu-runner: Various security and functionality related bugfixes (multiple DoS, memory leaks) 1487246 - CVE-2017-1000198 tcmu-runner: glfs handler allows local DoS via crafted CheckConfig strings 1487247 - CVE-2017-1000201 tcmu-runner: UnregisterHandler dbus method in tcmu-runner daemon for non-existing handler causes DoS 1487251 - CVE-2017-1000200 tcmu-runner: UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes DoS 1487252 - CVE-2017-1000199 tcmu-runner: qcow handler opens up an information leak via the CheckConfig D-Bus method 6. Package List: Red Hat Gluster Storage Server 3.3 on RHEL-7: Source: tcmu-runner-1.2.0-16.el7rhgs.src.rpm x86_64: libtcmu-1.2.0-16.el7rhgs.x86_64.rpm libtcmu-devel-1.2.0-16.el7rhgs.x86_64.rpm tcmu-runner-1.2.0-16.el7rhgs.x86_64.rpm tcmu-runner-debuginfo-1.2.0-16.el7rhgs.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-1000198 https://access.redhat.com/security/cve/CVE-2017-1000199 https://access.redhat.com/security/cve/CVE-2017-1000200 https://access.redhat.com/security/cve/CVE-2017-1000201 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFaHipnXlSAg2UNWIIRApskAJ4p+MyMaPXy3qq89HU2FrSo4Qb+fwCffIls CIp3Ur5Mk5owm97snG6u5+k= =Ofa8 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce