Publishing details
Changelog
tcmu (1.5.2-5ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: Access control bypass vulnerability
- debian/patches/CVE-2021-3139_1.patch: fail cross-device XCOPY requests.
- debian/patches/CVE-2021-3139_2.patch: fail XCOPY requests with inline
data.
- debian/patches/CVE-2021-3139_3.patch: don't assume two XCOPY CSCDs.
- debian/patches/CVE-2021-3139_4.patch: error if both src/dst_dev are unset
after CSCD.
- CVE-2021-3139
-- Paulo Flabiano Smorigo <email address hidden> Tue, 19 Jan 2021 13:35:24 +0000
Builds
Built packages
-
libtcmu2
Library that handles the userspace side of the LIO TCM-User backstore
-
libtcmu2-dbgsym
debug symbols for libtcmu2
-
tcmu-runner
Daemon that handles the userspace side of the LIO TCM-User backstore
-
tcmu-runner-dbgsym
debug symbols for tcmu-runner
Package files