Ubuntu Security Notice USN-6259-1

Ubuntu Security Notice 6259-1 - Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI incorrectly handled certain parsing TCP MSS options. An attacker could possibly use this issue to cause a crash or cause unexpected behavior.

Packet Storm
=========================================================================
Ubuntu Security Notice USN-6259-1
July 27, 2023

open-iscsi vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Open-iSCSI.

Software Description:
- open-iscsi: Open Source iSCSI implementation

Details:

Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that
Open-iSCSI incorrectly handled certain checksums for IP packets.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-13987)

Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that
Open-iSCSI incorrectly handled certain parsing TCP MSS options.
An attacker could possibly use this issue to cause a crash or cause
unexpected behavior. (CVE-2020-13988)

Amine Amri and Stanislav Dashevskyi discovered that Open-iSCSI
incorrectly handled certain TCP data. An attacker could possibly
use this issue to expose sensitive information. (CVE-2020-17437)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  open-iscsi                      2.0.874-7.1ubuntu6.4

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  open-iscsi                      2.0.874-5ubuntu2.11+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  open-iscsi                      2.0.873+git0.3b4b4500-14ubuntu3.7+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6259-1
  CVE-2020-13987, CVE-2020-13988, CVE-2020-17437

Package Information:
  https://launchpad.net/ubuntu/+source/open-iscsi/2.0.874-7.1ubuntu6.4

Related news

CVE-2020-17437

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.
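The length check that the CVE-2020-17437 description says is missing, written out as an added example. This is not code from uIP, Contiki or Open-iSCSI: the function names, the sample payload and the drop-on-failure policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not uIP's API. Skips urgent data the stack is
 * configured to ignore. urgp holds the two Urgent pointer bytes from the
 * TCP header (network byte order). Returns 0 and sets *data / *data_len to
 * the normal data, or -1 when the pointer exceeds the received payload
 * (assumed policy: the caller drops the segment). */
int skip_urgent_data(const uint8_t *payload, uint16_t payload_len,
                     const uint8_t urgp[2],
                     const uint8_t **data, uint16_t *data_len)
{
    uint16_t urg_len = (uint16_t)((urgp[0] << 8) | urgp[1]);

    /* The missing check: the offset must stay inside the payload. */
    if (urg_len > payload_len) {
        *data = NULL;
        *data_len = 0;
        return -1;
    }
    *data = payload + urg_len;
    *data_len = (uint16_t)(payload_len - urg_len);
    return 0;
}

/* Constructed sample: 2 bytes of urgent data, then 6 bytes of normal data. */
static const uint8_t sample_payload[8] = { 'U', 'U', 'n', 'o', 'r', 'm', 'a', 'l' };

/* Returns the normal-data length for the sample payload, or -1 if rejected. */
int normal_len_for_sample(uint8_t urg_hi, uint8_t urg_lo)
{
    const uint8_t urgp[2] = { urg_hi, urg_lo };
    const uint8_t *data;
    uint16_t len;

    if (skip_urgent_data(sample_payload, sizeof sample_payload, urgp, &data, &len) != 0)
        return -1;
    return (int)len;
}

int main(void)
{
    printf("urgp=2      -> %d\n", normal_len_for_sample(0x00, 0x02));
    printf("urgp=8      -> %d\n", normal_len_for_sample(0x00, 0x08));
    printf("urgp=0xffff -> %d\n", normal_len_for_sample(0xff, 0xff));
    return 0;
}
```

Without the comparison against payload_len, an Urgent pointer of 0xffff would move the data pointer 65535 bytes past the start of an 8-byte payload, which is the out-of-bounds condition the description refers to.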
