RHSA-2017:3277 - Security Advisory
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
An update for tcmu-runner is now available for Red Hat Gluster Storage 3.3.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface (TCMU). It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores.
- A flaw was found in the implementation of CheckConfig method in handler_glfs.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could send a specially crafted string to CheckConfig method resulting in various kinds of segmentation fault. (CVE-2017-1000198)
- A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call the UnregisterHandler method with the name of a handler loaded internally in tcmu-runner via dlopen() to trigger DoS. (CVE-2017-1000200)
- A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call UnregisterHandler method with non-existing tcmu handler as paramater to trigger DoS. (CVE-2017-1000201)
- A file information leak flaw was found in implementation of the CheckConfig method in handler_qcow.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could use this flaw to leak arbitrary file names which might not be retrievable by non-root user. (CVE-2017-1000199)
For details on how to apply this update, which includes the changes described in this advisory, refer to:
- Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64
- BZ - 1472332 - tcmu-runner: Various security and functionality related bugfixes (multiple DoS, memory leaks)
- BZ - 1487246 - CVE-2017-1000198 tcmu-runner: glfs handler allows local DoS via crafted CheckConfig strings
- BZ - 1487247 - CVE-2017-1000201 tcmu-runner: UnregisterHandler dbus method in tcmu-runner daemon for non-existing handler causes DoS
- BZ - 1487251 - CVE-2017-1000200 tcmu-runner: UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes DoS
- BZ - 1487252 - CVE-2017-1000199 tcmu-runner: qcow handler opens up an information leak via the CheckConfig D-Bus method
Red Hat Gluster Storage Server for On-premise 3 for RHEL 7