Fedora 34: FEDORA-2021-9c2ba2fcfc Critical: NBDKit 1.26.5 Security Fix

fedora

August 28, 2021

New upstream stable version 1.26.5; fixes CVE-2021-3716.

Summary

NBD is a protocol for accessing block devices (hard disks and

disk-like things) over the network.

nbdkit is a toolkit for creating NBD servers.

The key features are:

* Multithreaded NBD server written in C with good performance.

* Minimal dependencies for the basic server.

* Liberal license (BSD) allows nbdkit to be linked to proprietary

libraries or included in proprietary code.

* Well-documented, simple plugin API with a stable ABI guarantee.

Lets you to export "unconventional" block devices easily.

* You can write plugins in C or many other languages.

* Filters can be stacked in front of plugins to transform the output.

'nbdkit' is a meta-package which pulls in the core server and a

useful subset of plugins and filters with minimal dependencies.

If you want just the server, install 'nbdkit-server'.

To develop plugins, install the 'nbdkit-devel' package and start by

reading the nbdkit(1) and nbdkit-plugin(3) manual pages.

New upstream stable version 1.26.5; fixes CVE-2021-3716.

* Fri Aug 20 2021 Eric Blake - 1.26.5-1

- New upstream stable version 1.26.5; fixes CVE-2021-3716.

[ 1 ] Bug #1994695 - CVE-2021-3716 nbdkit: NBD_OPT_STRUCTURED_REPLY injection on STARTTLS

https://bugzilla.redhat.com/show_bug.cgi?id=1994695

su -c 'dnf upgrade --advisory FEDORA-2021-9c2ba2fcfc' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics Covered

security advisory update Fedora Critical network block device CVE-2021-3716 NBDKit

Change Log

References

Update Instructions

Severity

critical

Lowest

Low

Medium

High

Critical

Product: Fedora 34

Version: 1.26.5

Release: 1.fc34

URL: https://gitlab.com/nbdkit/nbdkit

Summary: NBD server

Topics Covered

security advisory update Fedora Critical network block device CVE-2021-3716 NBDKit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Fedora 34: FEDORA-2021-9c2ba2fcfc Critical: NBDKit 1.26.5 Security Fix

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Fedora 34: FEDORA-2021-9c2ba2fcfc Critical: NBDKit 1.26.5 Security Fix

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!