USN-4707-1: TCMU vulnerability
=========================================================================
Ubuntu Security Notice USN-4707-1
January 28, 2021
tcmu vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
Summary:
tcmu could be made to crash if it received specially crafted
input.
Software Description:
- tcmu: TCM-Userspace backend
Details:
It was discovered that TCMU lacked a check for transport-layer restrictions,
allowing remote attackers to read or write files via directory traversal in
an XCOPY request.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
libtcmu2 1.5.2-5ubuntu0.20.10.1
tcmu-runner 1.5.2-5ubuntu0.20.10.1
Ubuntu 20.04 LTS:
libtcmu2 1.5.2-5ubuntu0.20.04.1
tcmu-runner 1.5.2-5ubuntu0.20.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4707-1
CVE-2021-3139
Package Information:
https://launchpad.net/ubuntu/+source/tcmu/1.5.2-5ubuntu0.20.10.1
https://launchpad.net/ubuntu/+source/tcmu/1.5.2-5ubuntu0.20.04.1
A TCMU security update has been released Ubuntu Linux 20.04 LTS and 20.10.
