openSUSE Security Update : tcmu-runner (openSUSE-2017-919)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for tcmu-runner fixes the following issues :

- qcow handler opens up an information leak via the
CheckConfig D-Bus method (bsc#1049491)

- glfs handler allows local DoS via crafted CheckConfig
strings (bsc#1049485)

- UnregisterHandler dbus method in tcmu-runner daemon for
non-existing handler causes denial of service
(bsc#1049488)

- UnregisterHandler D-Bus method in tcmu-runner daemon for
internal handler causes denial of service (bsc#1049489)

- Memory leaks can be triggered in tcmu-runner daemon by
calling D-Bus method for (Un)RegisterHandler
(bsc#1049490)

This update was imported from the SUSE:SLE-12-SP3:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1049485
https://bugzilla.opensuse.org/show_bug.cgi?id=1049488
https://bugzilla.opensuse.org/show_bug.cgi?id=1049489
https://bugzilla.opensuse.org/show_bug.cgi?id=1049490
https://bugzilla.opensuse.org/show_bug.cgi?id=1049491

Solution :

Update the affected tcmu-runner packages.

Risk factor :

High

Family: SuSE Local Security Checks

Nessus Plugin ID: 102470 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now