- Issued:
- 2017-11-29
- Updated:
- 2017-11-29
RHSA-2017:3277 - Security Advisory
Synopsis
Moderate: tcmu-runner security update
Type/Severity
Security Advisory: Moderate
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for tcmu-runner is now available for Red Hat Gluster Storage 3.3.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface (TCMU). It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores.
Security Fix(es):
- A flaw was found in the implementation of CheckConfig method in handler_glfs.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could send a specially crafted string to CheckConfig method resulting in various kinds of segmentation fault. (CVE-2017-1000198)
- A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call the UnregisterHandler method with the name of a handler loaded internally in tcmu-runner via dlopen() to trigger DoS. (CVE-2017-1000200)
- A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call UnregisterHandler method with non-existing tcmu handler as paramater to trigger DoS. (CVE-2017-1000201)
- A file information leak flaw was found in implementation of the CheckConfig method in handler_qcow.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could use this flaw to leak arbitrary file names which might not be retrievable by non-root user. (CVE-2017-1000199)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64
Fixes
- BZ - 1472332 - tcmu-runner: Various security and functionality related bugfixes (multiple DoS, memory leaks)
- BZ - 1487246 - CVE-2017-1000198 tcmu-runner: glfs handler allows local DoS via crafted CheckConfig strings
- BZ - 1487247 - CVE-2017-1000201 tcmu-runner: UnregisterHandler dbus method in tcmu-runner daemon for non-existing handler causes DoS
- BZ - 1487251 - CVE-2017-1000200 tcmu-runner: UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes DoS
- BZ - 1487252 - CVE-2017-1000199 tcmu-runner: qcow handler opens up an information leak via the CheckConfig D-Bus method
Red Hat Gluster Storage Server for On-premise 3 for RHEL 7
| SRPM | |
|---|---|
| tcmu-runner-1.2.0-16.el7rhgs.src.rpm | SHA-256: feee192437b3335eed89d409ee3a99f11f0bc2f3f7cd839a4d11c26702df04bb |
| x86_64 | |
| libtcmu-1.2.0-16.el7rhgs.x86_64.rpm | SHA-256: ffcc2e670ddb611e335cd135ae0da6d6827c1a72b11e866b73b187d49ce54c30 |
| libtcmu-devel-1.2.0-16.el7rhgs.x86_64.rpm | SHA-256: 636acda7c5cb70036a5fc2cbc4e70047bd1500972037e2921e2c9a148d9184ea |
| tcmu-runner-1.2.0-16.el7rhgs.x86_64.rpm | SHA-256: 24312d0ffa40ebc3b3483070b7cd234e0541eb8c9dbe9fe1e7c1a760d893d55c |
| tcmu-runner-debuginfo-1.2.0-16.el7rhgs.x86_64.rpm | SHA-256: f902a936511de69e8614dd7773934d0287dcedb1c3ffc19abeb72684dfbaa0cb |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
