Ubuntu has issued an advisory on October 20: http://www.ubuntu.com/usn/usn-1235-1/ Patched package uploaded for Mageia 1, Mageia 2, and Cauldron. Advisory: ======================== Updated open-iscsi package fixes security vulnerability: Colin Watson discovered that iscsi_discovery in Open-iSCSI did not safely create temporary files. A local attacker could exploit this to to overwrite arbitrary files with root privileges (CVE-2009-1297). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1297 http://www.ubuntu.com/usn/usn-1235-1/ ======================== Updated packages in core/updates_testing: ======================== open-iscsi-2.0-871.4.1.mga1 open-iscsi-2.0-871.4.1.mga2 from SRPMS: open-iscsi-2.0-871.4.1.mga1.src.rpm open-iscsi-2.0-871.4.1.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
Am I correct that this package requires a network accessible sans drive?
CC: (none) => davidwhodginsWhiteboard: MGA1TOO => MGA1TOO feedback
A network accessible SAN I think, and then a card for connecting to it. From talking to one of my co-workers it sounds like there might be specific cards for it, or it can be used over fiber channel with a fiber channel card. Maybe Thomas knows more about how this package is/can be used.
CC: (none) => tmb
Thanks. I'll post a request for testers to the general discussion list. If we don't get any volunteers in a reasonable time, we'll have to validate after testing that it installs cleanly, as that's all we can test without the specific hardware.
After more reading about iscsi, it looks like the package iscsitarget should be able to provide a target for open-iscsi to connect to. I'll see if I can get that working.
CC: (none) => stormiWhiteboard: MGA1TOO feedback => MGA1TOO
Depends on: (none) => 5525
http://techthrob.com/2009/03/07/iscsi-101-setting-up-a-simple-iscsi-storage-area-network/ has a procedure, but testing this bug depends on getting iscsitarget working, which is currently blocked by bug 5525.
Whiteboard: MGA1TOO => MGA1TOO feedback
i think we should probably move on with this now and just check it installs and updates without any issues. rpmdiff shows these files changed,so just checking the open-iscsi service can be started and they can be called.. S.5........ /sbin/iscsi-iname S.5........ /sbin/iscsi_discovery S.5........ /sbin/iscsiadm S.5........ /sbin/iscsid Before ------ # service open-iscsi start Starting open-iscsi (via systemctl): [ OK ] # iscsi_discovery 127.0.0.1 iscsiadm: No active sessions. iscsiadm: Cannot perform discovery. Initiatorname required. iscsiadm: Discovery process to 127.0.0.1:3260 failed to create a discovery session. iscsiadm: Could not perform SendTargets discovery. failed to discover targets at 127.0.0.1 # iscsi-iname iqn.2005-03.org.open-iscsi:2a1858afb8 # iscsiadm -m discovery 127.0.0.1:3260 via sendtargets After ----- # service open-iscsi restart Restarting open-iscsi (via systemctl): [ OK ] # iscsi_discovery 127.0.0.1 iscsiadm: No active sessions. iscsiadm: Cannot perform discovery. Initiatorname required. iscsiadm: Discovery process to 127.0.0.1:3260 failed to create a discovery session. iscsiadm: Could not perform SendTargets discovery. iscsiadm: no records found! iscsiadm: update requires name and value iscsiadm: no records found! Cannot login over tcp to portal iscsiadm: no records found! iscsiadm: no records found! iscsiadm: update requires name and value iscsiadm: no records found! Cannot login over tcp to portal iscsiadm: no records found! discovered 1 targets at 127.0.0.1 # iscsi-iname iqn.2005-03.org.open-iscsi:cf1f6945c47 # iscsiadm -m discovery 127.0.0.1:3260 via sendtargets So iscsi_discovery returns different data but does seem to do something and appears to show configuration errors, which is to be expected. Testing complete Mageia 2 x86_64
Whiteboard: MGA1TOO feedback => MGA1TOO feedback has_procedure mga2-64-OK
# systemctl status open-iscsi.service shows the service started ok and confirms the lack of configuration so the previous errors are indeed expected. iscsid[18690]: An InitiatorName= is required, but was not found in /etc/iscsi/initiatorname.iscsi
Validating the update. Could someone from the sysadmin team push the srpm open-iscsi-2.0-871.4.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm open-iscsi-2.0-871.4.1.mga1.src.rpm freom Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated open-iscsi package fixes security vulnerability: Colin Watson discovered that iscsi_discovery in Open-iSCSI did not safely create temporary files. A local attacker could exploit this to to overwrite arbitrary files with root privileges (CVE-2009-1297). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1297 http://www.ubuntu.com/usn/usn-1235-1/ https://bugs.mageia.org/show_bug.cgi?id=7057
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1TOO feedback has_procedure mga2-64-OK => MGA1TOO feedback has_procedure mga2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241
Status: NEW => RESOLVEDResolution: (none) => FIXED