openSUSE Security Update : open-iscsi (openSUSE-2021-89)

high Nessus Plugin ID 145366

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for open-iscsi fixes the following issues :

- Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908, including :

- uip: check for TCP urgent pointer past end of frame

- uip: check for u8 overflow when processing TCP options

- uip: check for header length underflow during checksum calculation

- fwparam_ppc: Fix memory leak in fwparam_ppc.c

- iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c

- fwparam_ppc: Fix illegal memory access in fwparam_ppc.c

- sysfs: Verify parameter of sysfs_device_get()

- fwparam_ppc: Fix NULL pointer dereference in find_devtree()

- open-iscsi: Clean user_param list when process exit

- iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev()

- open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req()

- open-iscsi: Fix invalid pointer dereference in find_initiator()

- iscsiuio: Fix invalid parameter when call fstat()

- iscsi-iname: Verify open() return value before calling read()

- iscsi_sysfs: Fix NULL pointer dereference in iscsi_sysfs_read_iface

- Updated to latest upstream, including :

- iscsiadm: Optimize the verification of mode parameters

- iscsid: Poll timeout value to 1 minute for iscsid

- iscsiadm: fix host stats mode coredump

- iscsid: fix logging level when starting and shutting down daemon

- Updated iscsiadm man page.

- Fix memory leak in sysfs_get_str

- libopeniscsiusr: Compare with max int instead of max long

- Systemd unit files should not depend on network.target (bsc#1179440).

- Updated to latest upstream, including async login ability :

- Implement login 'no_wait' for iscsiadm NODE mode

- iscsiadm buffer overflow regression when discovering many targets at once

- iscsid: Check Invalid Session id for stop connection

- Add ability to attempt target logins asynchronously

- %service_del_postun_without_restart is now available on SLE. More accurately, it's been introduced in SLE12-SP2+ and SLE15+.

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Solution

Update the affected open-iscsi packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1179440

https://bugzilla.opensuse.org/show_bug.cgi?id=1179908

Plugin Details

Severity: High

ID: 145366

File Name: openSUSE-2021-89.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/25/2021

Updated: 1/25/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:open-iscsi, p-cpe:/a:novell:opensuse:open-iscsi-debuginfo, p-cpe:/a:novell:opensuse:open-iscsi-debugsource, p-cpe:/a:novell:opensuse:open-iscsi-devel, cpe:/o:novell:opensuse:15.2, p-cpe:/a:novell:opensuse:iscsiuio-debuginfo, p-cpe:/a:novell:opensuse:libopeniscsiusr0_2_0, p-cpe:/a:novell:opensuse:libopeniscsiusr0_2_0-debuginfo, p-cpe:/a:novell:opensuse:iscsiuio

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 1/16/2021

Vulnerability Publication Date: 1/16/2021