[USN-4707-1] TCMU vulnerability
Paulo Flabiano Smorigo
pfsmorigo at canonical.com
Thu Jan 28 14:02:49 UTC 2021
==========================================================================
Ubuntu Security Notice USN-4707-1
January 28, 2021
tcmu vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
Summary:
tcmu could be made to crash if it received specially crafted
input.
Software Description:
- tcmu: TCM-Userspace backend
Details:
It was discovered that TCMU lacked a check for transport-layer restrictions,
allowing remote attackers to read or write files via directory traversal in
an XCOPY request.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
libtcmu2 1.5.2-5ubuntu0.20.10.1
tcmu-runner 1.5.2-5ubuntu0.20.10.1
Ubuntu 20.04 LTS:
libtcmu2 1.5.2-5ubuntu0.20.04.1
tcmu-runner 1.5.2-5ubuntu0.20.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4707-1
CVE-2021-3139
Package Information:
https://launchpad.net/ubuntu/+source/tcmu/1.5.2-5ubuntu0.20.10.1
https://launchpad.net/ubuntu/+source/tcmu/1.5.2-5ubuntu0.20.04.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20210128/3921e1e6/attachment.sig>
More information about the ubuntu-security-announce
mailing list