An update for scsi-target-utils is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2156 Final 1.0 1.0 2024-09-20 Initial 2024-09-20 2024-09-20 openEuler SA Tool V1.0 2024-09-20 scsi-target-utils security update An update for scsi-target-utils is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3 The SCSI target package contains the daemon and tools to setup a SCSI targets. Currently, software iSCSI targets are supported. Security Fix(es): tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.(CVE-2024-45751) An update for scsi-target-utils is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High scsi-target-utils https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2156 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-45751 https://nvd.nist.gov/vuln/detail/CVE-2024-45751 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 scsi-target-utils-1.0.79-5.oe2003sp4.src.rpm scsi-target-utils-1.0.79-6.oe2203sp1.src.rpm scsi-target-utils-1.0.91-2.oe2403.src.rpm scsi-target-utils-1.0.79-6.oe2203sp4.src.rpm scsi-target-utils-1.0.79-6.oe2203sp3.src.rpm scsi-target-utils-1.0.79-5.oe2003sp4.x86_64.rpm scsi-target-utils-debuginfo-1.0.79-5.oe2003sp4.x86_64.rpm scsi-target-utils-debugsource-1.0.79-5.oe2003sp4.x86_64.rpm scsi-target-utils-gluster-1.0.79-5.oe2003sp4.x86_64.rpm scsi-target-utils-rbd-1.0.79-5.oe2003sp4.x86_64.rpm scsi-target-utils-1.0.79-6.oe2203sp1.x86_64.rpm scsi-target-utils-debuginfo-1.0.79-6.oe2203sp1.x86_64.rpm scsi-target-utils-debugsource-1.0.79-6.oe2203sp1.x86_64.rpm scsi-target-utils-gluster-1.0.79-6.oe2203sp1.x86_64.rpm scsi-target-utils-rbd-1.0.79-6.oe2203sp1.x86_64.rpm scsi-target-utils-1.0.91-2.oe2403.x86_64.rpm scsi-target-utils-debuginfo-1.0.91-2.oe2403.x86_64.rpm scsi-target-utils-debugsource-1.0.91-2.oe2403.x86_64.rpm scsi-target-utils-gluster-1.0.91-2.oe2403.x86_64.rpm scsi-target-utils-rbd-1.0.91-2.oe2403.x86_64.rpm scsi-target-utils-1.0.79-6.oe2203sp4.x86_64.rpm scsi-target-utils-debuginfo-1.0.79-6.oe2203sp4.x86_64.rpm scsi-target-utils-debugsource-1.0.79-6.oe2203sp4.x86_64.rpm scsi-target-utils-gluster-1.0.79-6.oe2203sp4.x86_64.rpm scsi-target-utils-rbd-1.0.79-6.oe2203sp4.x86_64.rpm scsi-target-utils-1.0.79-6.oe2203sp3.x86_64.rpm scsi-target-utils-debuginfo-1.0.79-6.oe2203sp3.x86_64.rpm scsi-target-utils-debugsource-1.0.79-6.oe2203sp3.x86_64.rpm scsi-target-utils-gluster-1.0.79-6.oe2203sp3.x86_64.rpm scsi-target-utils-rbd-1.0.79-6.oe2203sp3.x86_64.rpm scsi-target-utils-help-1.0.79-5.oe2003sp4.noarch.rpm scsi-target-utils-help-1.0.79-6.oe2203sp1.noarch.rpm scsi-target-utils-help-1.0.91-2.oe2403.noarch.rpm scsi-target-utils-help-1.0.79-6.oe2203sp4.noarch.rpm scsi-target-utils-help-1.0.79-6.oe2203sp3.noarch.rpm scsi-target-utils-1.0.79-5.oe2003sp4.aarch64.rpm scsi-target-utils-debuginfo-1.0.79-5.oe2003sp4.aarch64.rpm scsi-target-utils-debugsource-1.0.79-5.oe2003sp4.aarch64.rpm scsi-target-utils-gluster-1.0.79-5.oe2003sp4.aarch64.rpm scsi-target-utils-rbd-1.0.79-5.oe2003sp4.aarch64.rpm scsi-target-utils-1.0.79-6.oe2203sp1.aarch64.rpm scsi-target-utils-debuginfo-1.0.79-6.oe2203sp1.aarch64.rpm scsi-target-utils-debugsource-1.0.79-6.oe2203sp1.aarch64.rpm scsi-target-utils-gluster-1.0.79-6.oe2203sp1.aarch64.rpm scsi-target-utils-rbd-1.0.79-6.oe2203sp1.aarch64.rpm scsi-target-utils-1.0.91-2.oe2403.aarch64.rpm scsi-target-utils-debuginfo-1.0.91-2.oe2403.aarch64.rpm scsi-target-utils-debugsource-1.0.91-2.oe2403.aarch64.rpm scsi-target-utils-gluster-1.0.91-2.oe2403.aarch64.rpm scsi-target-utils-rbd-1.0.91-2.oe2403.aarch64.rpm scsi-target-utils-1.0.79-6.oe2203sp4.aarch64.rpm scsi-target-utils-debuginfo-1.0.79-6.oe2203sp4.aarch64.rpm scsi-target-utils-debugsource-1.0.79-6.oe2203sp4.aarch64.rpm scsi-target-utils-gluster-1.0.79-6.oe2203sp4.aarch64.rpm scsi-target-utils-rbd-1.0.79-6.oe2203sp4.aarch64.rpm scsi-target-utils-1.0.79-6.oe2203sp3.aarch64.rpm scsi-target-utils-debuginfo-1.0.79-6.oe2203sp3.aarch64.rpm scsi-target-utils-debugsource-1.0.79-6.oe2203sp3.aarch64.rpm scsi-target-utils-gluster-1.0.79-6.oe2203sp3.aarch64.rpm scsi-target-utils-rbd-1.0.79-6.oe2203sp3.aarch64.rpm tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. 2024-09-20 CVE-2024-45751 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N scsi-target-utils security update 2024-09-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2156