You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa targetcli

Sigurnosni nedostatak programskog paketa targetcli

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: targetcli security update
Advisory ID: RHSA-2020:1933-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1933
Issue date: 2020-04-28
CVE Names: CVE-2020-10699
=====================================================================

1. Summary:

An update for targetcli is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) – noarch

3. Description:

The targetcli package contains an administration shell for configuring
Internet Small Computer System Interface (iSCSI), Fibre Channel over
Ethernet (FCoE), and other SCSI targets, using the Target Core Mod/Linux-IO
(TCM/LIO) kernel target subsystem. FCoE users also need to install and use
the fcoe-utils package.

Security Fix(es):

* targetcli: world writable /var/run/targetclid.sock allows unprivileged
user to execute commands (CVE-2020-10699)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1819219 – CVE-2020-10699 targetcli: world writable /var/run/targetclid.sock allows unprivileged user to execute commands

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
targetcli-2.1.51-4.el8_2.src.rpm

noarch:
targetcli-2.1.51-4.el8_2.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10699
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXqiYYtzjgjWX9erEAQgG7g/+Nf4Bs/F5iBGpLMd9PRZaun2JA/BgmAJx
oTNdX69TgvyhEYAr1kYTpGwAD2usmD5OlAFISUMv8pQbneQXhyoQID0VDbE2hv/f
j/106cc5pbz/oL5vhWxBIF3wvmw97GxuWnv4eQZFCSr9V/JXskbO7cEA+RGVdu/B
HVLgP0iuPuaDaEWUnkenGgdr1QCuZ+mFAUVCn/mKZbCfH7t9SgE9ivUGyw2zpTrD
BgzKvXTFOyS/TzjHvgVmsD2j4H030dzNOEIXC5QorEq9/TNpBEP2+cSCWwI68IHD
WFN5VuNAOg0zrYERNDzwx7g2qXs29upzirfA/HDDakEGKqpX/9MZ0t25E6iFAjMS
KkmfCp89En9Qo6DajqLWoRtl84DydinV1WQNTjXJaxVlnEBQGAKwUYif6+BUGibn
712+gXESbqxtrYUqqNMYbzAMXSKP5E0cXc+FJ6RzOz6SgizJECqTDcOZB7bgSoEt
P3kvSm+HXcmzormiHfEigLCw0KsfrYyr2f/CdLUxBuB30KgR79PDLPI39taavi2c
wIbkyRkntX+wzaTlmD3CDlTb0Y7PHUS9y0BFJ+JYB1KUCNuCOY5NbZtzo/Oojam/
YAhl8qwiCZKLivqJ16QbZNIMVtbR25GU41TSDO0AZEqImNvxsLRhuUHXkt69roBn
ybrHXd/Y96s=
=IHcR
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava Debian. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS stanja, otkrivanje osjetljivih informacija...

Close