Arch Linux Security Advisory ASA-201505-15 ========================================= Severity: Low Date : 2015-05-26 CVE-ID : CVE-2015-0847 Package : nbd Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ====== The package nbd before version 3.11-1 is vulnerable to denial of service. Resolution ========= Upgrade to 3.11-1. # pacman -Syu "nbd>=3.11-1" The problem has been fixed upstream in version 3.11. Workaround ========= None. Description ========== Signal handlers themselves were entered only once, but they called posixly unsafe, non-reentrant functions, such as syslog(). If a signal was caught in the middle of the execution of such function, consequences were undefined. In practice, nbd-server was observed to deadlock during the execution of sigchld_handler(). Impact ===== A remote attacker is able to send requests to the nbd server that may lead to a deadlock resulting in denial of service. References ========= https://sourceforge.net/p/nbd/mailman/message/34091218/ https://access.redhat.com/security/cve/CVE-2015-0847 https://github.com/yoe/nbd/commit/412def
ArchLinux: 201505-15: nbd: denial of service
May 26, 2015
Summary
Signal handlers themselves were entered only once, but they called posixly unsafe, non-reentrant functions, such as syslog(). If a signal was caught in the middle of the execution of such function, consequences were undefined. In practice, nbd-server was observed to deadlock during the execution of sigchld_handler().
Resolution
Upgrade to 3.11-1.
# pacman -Syu "nbd>=3.11-1"
The problem has been fixed upstream in version 3.11.
References
https://sourceforge.net/p/nbd/mailman/message/34091218/ https://access.redhat.com/security/cve/CVE-2015-0847 https://github.com/yoe/nbd/commit/412def
Severity
Package : nbd
Type : denial of service
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Workaround
None.
News
HOWTOs
About Us
Powered By
