Fedora 30: nbdkit FEDORA-2019-1b30db2125 Critical Denial of Service

NBD is a protocol for accessing block devices (hard disks and

disk-like things) over the network.

nbdkit is a toolkit for creating NBD servers.

The key features are:

* Multithreaded NBD server written in C with good performance.

* Minimal dependencies for the basic server.

* Liberal license (BSD) allows nbdkit to be linked to proprietary

libraries or included in proprietary code.

* Well-documented, simple plugin API with a stable ABI guarantee.

Lets you to export "unconventional" block devices easily.

* You can write plugins in C or many other languages.

* Filters can be stacked in front of plugins to transform the output.

In Fedora, 'nbdkit' is a meta-package which pulls in the core server

and a useful subset of plugins and filters.

If you want just the server, install 'nbdkit-server'.

To develop plugins, install the 'nbdkit-devel' package and start by

reading the nbdkit(1) and nbdkit-plugin(3) manual pages.

New upstream version 1.12.8. Fixes second Denial of Service attack:

* Fri Sep 20 2019 Richard W.M. Jones - 1.12.8-1

- New upstream version 1.12.8.

- Fixes second Denial of Service attack:

* Thu Sep 12 2019 Richard W.M. Jones - 1.12.7-1

- New upstream version 1.12.7.

- Fixes Denial of Service / Amplication Attack:

* Thu Aug 29 2019 Richard W.M. Jones - 1.12.6-1

- New stable version 1.12.6.

* Fri Aug 2 2019 Richard W.M. Jones - 1.12.5-1

- New stable version 1.12.5.

* Fri Jul 26 2019 Richard W.M. Jones - 1.12.4-1

- New stable version 1.12.4.

* Tue May 21 2019 Richard W.M. Jones - 1.12.3-1

- New stable version 1.12.3.

* Tue Apr 23 2019 Richard W.M. Jones - 1.12.2-1

- New stable version 1.12.2.

- Distribute BENCHMARKING and SECURITY files.

- Includes a fix for possible remote memory heap leak with user plugins.

* Sat Apr 13 2019 Richard W.M. Jones - 1.12.1-1

- New stable version 1.12.1.

* Wed Apr 10 2019 Richard W.M. Jones - 1.12.0-1

- New upstream version 1.12.0.

- Add noextents filter.

* Mon Apr 8 2019 Richard W.M. Jones - 1.11.15-1

- New upstream version 1.11.15.

* Sat Apr 6 2019 Richard W.M. Jones - 1.11.14-1

- New upstream version 1.11.14.

- Remove deprecated nbdkit-xz-plugin (replaced by nbdkit-xz-filter).

* Tue Apr 2 2019 Richard W.M. Jones - 1.11.13-1

- New upstream version 1.11.13.

* Tue Apr 2 2019 Richard W.M. Jones - 1.11.12-1

- New upstream version 1.11.12.

- New nbdkit-readahead-filter.

su -c 'dnf upgrade --advisory FEDORA-2019-1b30db2125' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/