Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 42: nbdkit 1.42.3 critical updates for Denial of Service risks

fedora
Calendar Grey May 23, 2025
Dist Fedora Esm H88
The recent Fedora 42 update introduces nbdkit version 1.42.3, which tackles significant security vulnerabilities while enhancing the overall operational safety of server environments.
New upstream stable branch version 1.42.3

Summary

NBD is a protocol for accessing block devices (hard disks and

disk-like things) over the network.

nbdkit is a toolkit for creating NBD servers.

The key features are:

* Multithreaded NBD server written in C with good performance.

* Minimal dependencies for the basic server.

* Liberal license (BSD) allows nbdkit to be linked to proprietary

libraries or included in proprietary code.

* Well-documented, simple plugin API with a stable ABI guarantee.

Lets you to export "unconventional" block devices easily.

* You can write plugins in C or many other languages.

* Filters can be stacked in front of plugins to transform the output.

* Server can run standalone or can be invoked from other programs.

'nbdkit' is a meta-package which pulls in the core server and a

useful subset of plugins and filters with minimal dependencies.

If you want just the server, install 'nbdkit-server'.

To develop plugins, install the 'nbdkit-devel' package and start by

reading the nbdkit(1) and nbdkit-plugin(3) manual pages.

Update Information:

New upstream stable branch version 1.42.3

Topics%20covered

Topics Covered

security advisory Fedora Denial of Service protocol bug report nbdkit

Change Log

* Sat May 10 2025 Richard W.M. Jones - 1.42.3-1 - New upstream stable branch version 1.42.3

References


[ 1 ] Bug #2365692 - CVE-2025-47711 nbdkit: off-by-one error when processing block status may lead to a Denial of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2365692 [ 2 ] Bug #2365727 - CVE-2025-47712 nbdkit: Integer overflow triggers an assertion resulting in Denial of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2365727

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8a2d82f65a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nbdkit
Product: Fedora 42
Version: 1.42.3
Release: 1.fc42
URL: https://gitlab.com/nbdkit/nbdkit
Summary: NBD server

Topics%20covered

Topics Covered

security advisory Fedora Denial of Service protocol bug report nbdkit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here