Security update for tcmu-runner
This update for tcmu-runner fixes the following issues:
- qcow handler opens up an information leak via the CheckConfig D-Bus method (bsc#1049491)
- glfs handler allows local DoS via crafted CheckConfig strings (bsc#1049485)
- UnregisterHandler dbus method in tcmu-runner daemon for non-existing handler causes denial of service (bsc#1049488)
- UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes denial of service (bsc#1049489)
- Memory leaks can be triggered in tcmu-runner daemon by calling D-Bus method for (Un)RegisterHandler (bsc#1049490)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
-
Submitted by
Lee Duncan (lee_duncan)
Fixed bugs
bnc#1049489
VUL-0: tcmu-runner: UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes DoS
bnc#1049488
VUL-0: tcmu-runner: UnregisterHandler dbus method in tcmu-runner daemon for non-existing handler causes DoS
bnc#1049485
VUL-0: tcmu-runner: glfs handler allows local DoS via crafted CheckConfig strings
bnc#1049490
VUL-0: tcmu-runner: Memory leaks can be triggered in tcmu-runner daemon by calling D-Bus method for (Un)RegisterHandler
bnc#1049491
VUL-0: tcmu-runner: qcow handler opens up an information leak via the CheckConfig D-Bus method
