tcmu 1.5.2-5ubuntu0.20.10.1 source package in Ubuntu

Changelog

tcmu (1.5.2-5ubuntu0.20.10.1) groovy-security; urgency=medium

  * SECURITY UPDATE: Access control bypass vulnerability
    - debian/patches/CVE-2021-3139_1.patch: fail cross-device XCOPY requests.
    - debian/patches/CVE-2021-3139_2.patch: fail XCOPY requests with inline
      data.
    - debian/patches/CVE-2021-3139_3.patch: don't assume two XCOPY CSCDs.
    - debian/patches/CVE-2021-3139_4.patch: error if both src/dst_dev are unset
      after CSCD.
    - CVE-2021-3139

 -- Paulo Flabiano Smorigo <email address hidden>  Fri, 15 Jan 2021 13:31:39 +0000

Upload details

Uploaded by:
Paulo Flabiano Smorigo on 2021-01-19
Uploaded to:
Groovy
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Groovy updates on 2021-01-27 universe misc
Groovy security on 2021-01-27 universe misc

Downloads

File Size SHA-256 Checksum
tcmu_1.5.2.orig.tar.xz 122.6 KiB 698d450e370beaeb043180fc1fde3f6e19243f0c8cb60df4a4a7e1437b065c09
tcmu_1.5.2-5ubuntu0.20.10.1.debian.tar.xz 7.9 KiB 1092a101a7c66409c17617211527d024309ecdcf6c4aedcf20694224abad37fb
tcmu_1.5.2-5ubuntu0.20.10.1.dsc 2.1 KiB cdee96fd7b50b3c362bd5e5d44a64731722e668632cec67f92105a2edef26e0e

View changes file

Binary packages built by this source

libtcmu2: Library that handles the userspace side of the LIO TCM-User backstore

 LIO is the SCSI target in the Linux kernel. It is entirely kernel
 code, and allows exported SCSI logical units (LUNs) to be backed by
 regular files or block devices. But, if one want to get fancier with
 the capabilities of the device one is emulating, the kernel is not
 necessarily the right place. While there are userspace libraries for
 compression, encryption, and clustered storage solutions like Ceph or
 Gluster, these are not accessible from the kernel.
 .
 The TCMU userspace-passthrough backstore allows a userspace process
 to handle requests to a LUN. But since the kernel-user interface that
 TCMU provides must be fast and flexible, it is complex enough that
 one would like to avoid each userspace handler having to write boilerplate
 code.
 .
 tcmu-runner handles the messy details of the TCMU interface -- UIO,
 netlink, pthreads, and DBus -- and exports a more friendly C plugin
 module API. Modules using this API are called "TCMU
 handlers". Handler authors can write code just to handle the SCSI
 commands as desired, and can also link with whatever userspace
 libraries they like.
 .
 This is the library package

libtcmu2-dbgsym: debug symbols for libtcmu2
tcmu-runner: Daemon that handles the userspace side of the LIO TCM-User backstore

 LIO is the SCSI target in the Linux kernel. It is entirely kernel
 code, and allows exported SCSI logical units (LUNs) to be backed by
 regular files or block devices. But, if one want to get fancier with
 the capabilities of the device one is emulating, the kernel is not
 necessarily the right place. While there are userspace libraries for
 compression, encryption, and clustered storage solutions like Ceph or
 Gluster, these are not accessible from the kernel.
 .
 The TCMU userspace-passthrough backstore allows a userspace process
 to handle requests to a LUN. But since the kernel-user interface that
 TCMU provides must be fast and flexible, it is complex enough that
 one would like to avoid each userspace handler having to write boilerplate
 code.
 .
 tcmu-runner handles the messy details of the TCMU interface -- UIO,
 netlink, pthreads, and DBus -- and exports a more friendly C plugin
 module API. Modules using this API are called "TCMU
 handlers". Handler authors can write code just to handle the SCSI
 commands as desired, and can also link with whatever userspace
 libraries they like.
 .
 This is the daemon package

tcmu-runner-dbgsym: debug symbols for tcmu-runner