{"affected":[{"ecosystem_specific":{"binaries":[{"iscsiuio":"0.7.8.6-22.6.1","libopeniscsiusr0_2_0":"2.1.3-22.6.1","open-iscsi":"2.1.3-22.6.1","open-iscsi-devel":"2.1.3-22.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP2","name":"open-iscsi","purl":"pkg:rpm/suse/open-iscsi&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.3-22.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for open-iscsi fixes the following issues:\n\n- Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908,\n  including:\n  * uip: check for TCP urgent pointer past end of frame\n  * uip: check for u8 overflow when processing TCP options\n  * uip: check for header length underflow during checksum calculation\n  * fwparam_ppc: Fix memory leak in fwparam_ppc.c\n  * iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c\n  * fwparam_ppc: Fix illegal memory access in fwparam_ppc.c\n  * sysfs: Verify parameter of sysfs_device_get()\n  * fwparam_ppc: Fix NULL pointer dereference in find_devtree()\n  * open-iscsi: Clean user_param list when process exit\n  * iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev()\n  * open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req()\n  * open-iscsi: Fix invalid pointer deference in find_initiator()\n  * iscsiuio: Fix invalid parameter when call fstat()\n  * iscsi-iname: Verify open() return value before calling read()\n  * iscsi_sysfs: Fix NULL pointer deference in iscsi_sysfs_read_iface\n\n- Updatged to latest upstream, including:\n  * iscsiadm: Optimize the the verification of mode paramters\n  * iscsid: Poll timeout value to 1 minute for iscsid\n  * iscsiadm: fix host stats mode coredump\n  * iscsid: fix logging level when starting and shutting down daemon\n  * Updated iscsiadm man page.\n  * Fix memory leak in sysfs_get_str\n  * libopeniscsiusr: Compare with max int instead of max long\n\n- Systemd unit files should not depend on network.target (bsc#1179440).\n\n- Updated to latest upstream, including async login ability:\n * Implement login 'no_wait' for iscsiadm NODE mode\n * iscsiadm buffer overflow regression when discovering many targets at once\n * iscsid: Check Invalid Session id for stop connection\n * Add ability to attempt target logins asynchronously\n\n- %service_del_postun_without_restart is now available on SLE\n  More accurately it's been introduced in SLE12-SP2+ and SLE15+\n","id":"SUSE-SU-2021:0127-1","modified":"2021-01-14T09:30:27Z","published":"2021-01-14T09:30:27Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20210127-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179440"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179908"}],"related":[],"summary":"Security update for open-iscsi","upstream":[]}