- Issued:
- 2010-07-08
- Updated:
- 2010-07-08
RHSA-2010:0518 - Security Advisory
Synopsis
Important: scsi-target-utils security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated scsi-target-utils package that fixes multiple security issues is
now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Description
The scsi-target-utils package contains the daemon and tools to set up and
monitor SCSI targets. Currently, iSCSI software and iSER targets are
supported.
Multiple buffer overflow flaws were found in scsi-target-utils' tgtd
daemon. A remote attacker could trigger these flaws by sending a
carefully-crafted Internet Storage Name Service (iSNS) request, causing the
tgtd daemon to crash. (CVE-2010-2221)
Red Hat would like to thank the Vulnerability Research Team at TELUS
Security Labs and Fujita Tomonori for responsibly reporting these flaws.
All scsi-target-utils users should upgrade to this updated package, which
contains a backported patch to correct these issues. All running
scsi-target-utils services must be restarted for the update to take effect.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Resilient Storage for x86_64 5 x86_64
- Red Hat Enterprise Linux Resilient Storage for x86_64 5 ppc
- Red Hat Enterprise Linux Resilient Storage for x86_64 5 ia64
- Red Hat Enterprise Linux Resilient Storage for x86_64 5 i386
- Red Hat Enterprise Linux Resilient Storage (for RHEL Server) from RHUI 5 x86_64
- Red Hat Enterprise Linux Resilient Storage (for RHEL Server) from RHUI 5 i386
Fixes
- BZ - 593877 - CVE-2010-2221 scsi-target-utils: stack buffer overflow vulnerability
CVEs
Red Hat Enterprise Linux Resilient Storage for x86_64 5
| SRPM | |
|---|---|
| scsi-target-utils-0.0-6.20091205snap.el5_5.3.src.rpm | SHA-256: d7cef4b4f121bb5b79a73bb8e9f7853fc8653ce05b439453038aacf6d67a98a2 |
| x86_64 | |
| scsi-target-utils-0.0-6.20091205snap.el5_5.3.x86_64.rpm | SHA-256: 7515d55196e8e0bc42b9afef57659a56611c4ded486d02c80cf07e2d8a5d2c24 |
| ppc | |
| scsi-target-utils-0.0-6.20091205snap.el5_5.3.ppc.rpm | SHA-256: f4dcdc4ac6e44a169ee25a69439d9357b03a17549d6b51b411264ee69a4ab619 |
| ia64 | |
| scsi-target-utils-0.0-6.20091205snap.el5_5.3.ia64.rpm | SHA-256: 69aad794089d5fa26d4efd583ba4ecbeb9b6d3fb47abadc4ffd11d5693fc5360 |
| i386 | |
| scsi-target-utils-0.0-6.20091205snap.el5_5.3.i386.rpm | SHA-256: 3e8d0d209d9cdd87569d193670c7e30e5f14b0a62b9f605118cb33ccb355d86d |
Red Hat Enterprise Linux Resilient Storage (for RHEL Server) from RHUI 5
| SRPM | |
|---|---|
| scsi-target-utils-0.0-6.20091205snap.el5_5.3.src.rpm | SHA-256: d7cef4b4f121bb5b79a73bb8e9f7853fc8653ce05b439453038aacf6d67a98a2 |
| x86_64 | |
| scsi-target-utils-0.0-6.20091205snap.el5_5.3.x86_64.rpm | SHA-256: 7515d55196e8e0bc42b9afef57659a56611c4ded486d02c80cf07e2d8a5d2c24 |
| i386 | |
| scsi-target-utils-0.0-6.20091205snap.el5_5.3.i386.rpm | SHA-256: 3e8d0d209d9cdd87569d193670c7e30e5f14b0a62b9f605118cb33ccb355d86d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
