tcmu 1.5.2-5ubuntu0.20.04.1 source package in Ubuntu

Changelog

tcmu (1.5.2-5ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Access control bypass vulnerability
    - debian/patches/CVE-2021-3139_1.patch: fail cross-device XCOPY requests.
    - debian/patches/CVE-2021-3139_2.patch: fail XCOPY requests with inline
      data.
    - debian/patches/CVE-2021-3139_3.patch: don't assume two XCOPY CSCDs.
    - debian/patches/CVE-2021-3139_4.patch: error if both src/dst_dev are unset
      after CSCD.
    - CVE-2021-3139

 -- Paulo Flabiano Smorigo <email address hidden>  Tue, 19 Jan 2021 13:35:24 +0000

Upload details

Uploaded by:
Paulo Flabiano Smorigo on 2021-01-19
Uploaded to:
Focal
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Focal updates on 2021-01-27 universe misc
Focal security on 2021-01-27 universe misc

Downloads

File Size SHA-256 Checksum
tcmu_1.5.2.orig.tar.xz 122.6 KiB 698d450e370beaeb043180fc1fde3f6e19243f0c8cb60df4a4a7e1437b065c09
tcmu_1.5.2-5ubuntu0.20.04.1.debian.tar.xz 7.9 KiB 3ab667bd440a3b4a3cae1defd5b16f1c99fdc452b9e5c457b42c0e9d176f4b5b
tcmu_1.5.2-5ubuntu0.20.04.1.dsc 2.1 KiB 316225f585f7d9e83ca5f5c10d5dff3299b54c011683c707d9a79722810f886e

View changes file

Binary packages built by this source

libtcmu2: Library that handles the userspace side of the LIO TCM-User backstore

 LIO is the SCSI target in the Linux kernel. It is entirely kernel
 code, and allows exported SCSI logical units (LUNs) to be backed by
 regular files or block devices. But, if one want to get fancier with
 the capabilities of the device one is emulating, the kernel is not
 necessarily the right place. While there are userspace libraries for
 compression, encryption, and clustered storage solutions like Ceph or
 Gluster, these are not accessible from the kernel.
 .
 The TCMU userspace-passthrough backstore allows a userspace process
 to handle requests to a LUN. But since the kernel-user interface that
 TCMU provides must be fast and flexible, it is complex enough that
 one would like to avoid each userspace handler having to write boilerplate
 code.
 .
 tcmu-runner handles the messy details of the TCMU interface -- UIO,
 netlink, pthreads, and DBus -- and exports a more friendly C plugin
 module API. Modules using this API are called "TCMU
 handlers". Handler authors can write code just to handle the SCSI
 commands as desired, and can also link with whatever userspace
 libraries they like.
 .
 This is the library package

libtcmu2-dbgsym: debug symbols for libtcmu2
tcmu-runner: Daemon that handles the userspace side of the LIO TCM-User backstore

 LIO is the SCSI target in the Linux kernel. It is entirely kernel
 code, and allows exported SCSI logical units (LUNs) to be backed by
 regular files or block devices. But, if one want to get fancier with
 the capabilities of the device one is emulating, the kernel is not
 necessarily the right place. While there are userspace libraries for
 compression, encryption, and clustered storage solutions like Ceph or
 Gluster, these are not accessible from the kernel.
 .
 The TCMU userspace-passthrough backstore allows a userspace process
 to handle requests to a LUN. But since the kernel-user interface that
 TCMU provides must be fast and flexible, it is complex enough that
 one would like to avoid each userspace handler having to write boilerplate
 code.
 .
 tcmu-runner handles the messy details of the TCMU interface -- UIO,
 netlink, pthreads, and DBus -- and exports a more friendly C plugin
 module API. Modules using this API are called "TCMU
 handlers". Handler authors can write code just to handle the SCSI
 commands as desired, and can also link with whatever userspace
 libraries they like.
 .
 This is the daemon package

tcmu-runner-dbgsym: debug symbols for tcmu-runner