The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target’s userspace passthrough interface (TCMU). It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO’s in-kernel backstores.
Security Fix(es):
A flaw was found in the implementation of CheckConfig method in handler_glfs.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could send a specially crafted string to CheckConfig method resulting in various kinds of segmentation fault. (CVE-2017-1000198)
A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call the UnregisterHandler method with the name of a handler loaded internally in tcmu-runner via dlopen() to trigger DoS. (CVE-2017-1000200)
A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call UnregisterHandler method with non-existing tcmu handler as paramater to trigger DoS. (CVE-2017-1000201)
A file information leak flaw was found in implementation of the CheckConfig method in handler_qcow.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could use this flaw to leak arbitrary file names which might not be retrievable by non-root user. (CVE-2017-1000199)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | tcmu-runner-debuginfo | < 1.2.0-16.el7rhgs | tcmu-runner-debuginfo-1.2.0-16.el7rhgs.x86_64.rpm |
RedHat | 7 | x86_64 | libtcmu | < 1.2.0-16.el7rhgs | libtcmu-1.2.0-16.el7rhgs.x86_64.rpm |
RedHat | 7 | x86_64 | tcmu-runner | < 1.2.0-16.el7rhgs | tcmu-runner-1.2.0-16.el7rhgs.x86_64.rpm |
RedHat | 7 | x86_64 | libtcmu-devel | < 1.2.0-16.el7rhgs | libtcmu-devel-1.2.0-16.el7rhgs.x86_64.rpm |