Security update for tcmu-runner (important)

2017-08-09T15:07:27
ID SUSE-SU-2017:2109-1
Type suse
Reporter Suse
Modified 2017-08-09T15:07:27

Description

This update for tcmu-runner fixes the following issues:

  • qcow handler opens up an information leak via the CheckConfig D-Bus method (bsc#1049491)
  • glfs handler allows local DoS via crafted CheckConfig strings (bsc#1049485)
  • UnregisterHandler dbus method in tcmu-runner daemon for non-existing handler causes denial of service (bsc#1049488)
  • UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes denial of service (bsc#1049489)
  • Memory leaks can be triggered in tcmu-runner daemon by calling D-Bus method for (Un)RegisterHandler (bsc#1049490)