Stay Secure with the Latest Linux Advisories

security advisorydenial of servicefedora

Fedora 41 nbdkit 2025-bc02ec32fb moderate: Denial of Service risk

New upstream stable branch version 1.40.6. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-bc02ec32fb 2025-05-26 01:05:37.480117+00:00 -------------------------------------------------------------------------------- Name : nbdkit Product : Fedora 41 Version : 1.40.6 Release : 1.fc41 URL : https://gitlab.com/nbdkit/nbdkit Summary : NBD server Description : NBD is a protocol for accessing block devices (hard disks and disk-like things) over the network. nbdkit is a toolkit for creating NBD servers. The key features are: * Multithreaded NBD server written in C with good performance. * Minimal dependencies for the basic server. * Liberal license (BSD) allows nbdkit to be linked to proprietary libraries or included in proprietary code. * Well-documented, simple plugin API with a stable ABI guarantee. Lets you to export "unconventional" block devices easily. * You can write plugins in C or many other languages. * Filters can be stacked in front of plugins to transform the output. * Server can run standalone or can be invoked from other programs. 'nbdkit' is a meta-package which pulls in the core server and a useful subset of plugins and filters with minimal dependencies. If you want just the server, install 'nbdkit-server'. To develop plugins, install the 'nbdkit-devel' package and start by reading the nbdkit(1) and nbdkit-plugin(3) manual pages. -------------------------------------------------------------------------------- Update Information: New upstream stable branch version 1.40.6 -------------------------------------------------------------------------------- ChangeLog: * Sat May 10 2025 Richard W.M. Jones - 1.40.6-1 - New upstream stable branch version 1.40.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2365691 - CVE-2025-47711 nbdkit: off-by-one error when processingblock status may lead to a Denial of Service [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2365691 [ 2 ] Bug #2365726 - CVE-2025-47712 nbdkit: Integer overflow triggers an assertion resulting in Denial of Service [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2365726 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-bc02ec32fb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Fedora update for nbdkit 1.40.6 addresses Denial of Service risks with essential patches for enhanced security.. Fedora Update, nbdkit, Denial of Service, nbd protocol, block devices. . LinuxSecurity.com Team

May 26, 2025 Fedora