RedHat: Moderate: iscsi-initiator-utils security update
Summary
Summary
The iscsi package provides the server daemon for the iSCSI protocol, as well as the utility programs used to manage it. iSCSI is a protocol for distributed disk access using SCSI commands sent over Internet Protocol networks. Olaf Kirch discovered two flaws in open-iscsi. A local attacker could use these flaws to cause the server daemon to stop responding, leading to a denial of service. (CVE-2007-3099, CVE-2007-3100). All users of open-iscsi should upgrade to this updated package which resolves these issues. Note: This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4. open-iscsi is available in Red Hat Enterprise Linux 5 as a Technology Preview.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
243719 - CVE-2007-3099 dos flaws in open-iscsi (CVE-2007-3100)
6. RPMs required:
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS:
1641a3f2f9c7c06b923bd5ae7174aafc iscsi-initiator-utils-6.2.0.742-0.6.el5.src.rpm
i386:
e8241658758493f0ed6b0deb515ff2d4 iscsi-initiator-utils-6.2.0.742-0.6.el5.i386.rpm
b6dae38ce85a004fb6b1c5316472296b iscsi-initiator-utils-debuginfo-6.2.0.742-0.6.el5.i386.rpm
x86_64:
907981526cb8a26b6c2858fa18fb2b69 iscsi-initiator-utils-6.2.0.742-0.6.el5.x86_64.rpm
9f1158d5930b38af251ff3070bee2f4d iscsi-initiator-utils-debuginfo-6.2.0.742-0.6.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS:
1641a3f2f9c7c06b923bd5ae7174aafc iscsi-initiator-utils-6.2.0.742-0.6.el5.src.rpm
i386:
e8241658758493f0ed6b0deb515ff2d4 iscsi-initiator-utils-6.2.0.742-0.6.el5.i386.rpm
b6dae38ce85a004fb6b1c5316472296b iscsi-initiator-utils-debuginfo-6.2.0.742-0.6.el5.i386.rpm
ia64:
a579261aff181eba655d27527696ad76 iscsi-initiator-utils-6.2.0.742-0.6.el5.ia64.rpm
85e98cd7a8b8139f1dcb3602fc2bf0e3 iscsi-initiator-utils-debuginfo-6.2.0.742-0.6.el5.ia64.rpm
ppc:
87d4404ac8698baa64353da68164500c iscsi-initiator-utils-6.2.0.742-0.6.el5.ppc.rpm
6b949fdac71d03cbf6c59446762c3653 iscsi-initiator-utils-debuginfo-6.2.0.742-0.6.el5.ppc.rpm
x86_64:
907981526cb8a26b6c2858fa18fb2b69 iscsi-initiator-utils-6.2.0.742-0.6.el5.x86_64.rpm
9f1158d5930b38af251ff3070bee2f4d iscsi-initiator-utils-debuginfo-6.2.0.742-0.6.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3100 http://www.redhat.com/security/updates/classification/#moderate
Package List
Topic
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64
Bugs Fixed