Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 33: FEDORA-2021-535596f062 Critical Injection Flaw in nbdkit

fedora
Calendar Grey August 28, 2021
Dist Fedora Esm H88
Fedora Security Alert for nbdkit v1.24.6 mitigates severe injection vulnerability CVE-2021-3716 safeguarding system stability.
New upstream stable version 1.24.6; fixes CVE-2021-3716.

Summary

NBD is a protocol for accessing block devices (hard disks and

disk-like things) over the network.

nbdkit is a toolkit for creating NBD servers.

The key features are:

* Multithreaded NBD server written in C with good performance.

* Minimal dependencies for the basic server.

* Liberal license (BSD) allows nbdkit to be linked to proprietary

libraries or included in proprietary code.

* Well-documented, simple plugin API with a stable ABI guarantee.

Lets you to export "unconventional" block devices easily.

* You can write plugins in C or many other languages.

* Filters can be stacked in front of plugins to transform the output.

'nbdkit' is a meta-package which pulls in the core server and a

useful subset of plugins and filters with minimal dependencies.

If you want just the server, install 'nbdkit-server'.

To develop plugins, install the 'nbdkit-devel' package and start by

reading the nbdkit(1) and nbdkit-plugin(3) manual pages.

New upstream stable version 1.24.6; fixes CVE-2021-3716.

* Fri Aug 20 2021 Eric Blake - 1.24.6-1

- New upstream stable version 1.24.6; fixes CVE-2021-3716.

[ 1 ] Bug #1994695 - CVE-2021-3716 nbdkit: NBD_OPT_STRUCTURED_REPLY injection on STARTTLS

https://bugzilla.redhat.com/show_bug.cgi?id=1994695

su -c 'dnf upgrade --advisory FEDORA-2021-535596f062' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory fedora critical injection flaw nbdkit

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 1.24.6
Release: 1.fc33
URL: https://github.com/libguestfs/nbdkit
Summary: NBD server

Topics%20covered

Topics Covered

security advisory fedora critical injection flaw nbdkit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here