Debian: DSA-3271-1: nbd security update
Debian: DSA-3271-1: nbd security update
Tuomas Räsänen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service.
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3271-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Alessandro Ghedini May 23, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nbd CVE ID : CVE-2013-7441 CVE-2015-0847 Debian Bug : 781547 784657 Tuomas Räsänen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service. Tuomas Räsänen also discovered that the modern-style negotiation was carried out in the main server process before forking the actual client handler. This could allow a remote attacker to cause a denial of service (crash) by querying a non-existent export. This issue only affected the oldstable distribution (wheezy). For the oldstable distribution (wheezy), these problems have been fixed in version 1:3.2-4~deb7u5. For the stable distribution (jessie), these problems have been fixed in version 1:3.8-4+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 1:3.10-1. For the unstable distribution (sid), these problems have been fixed in version 1:3.10-1. We recommend that you upgrade your nbd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
