DLA 2944-1: nbd security update

Debian 9913 Published 2022-03-11 06:32 by Philipp Esselbach

News

A nbd security update has been released for Debian GNU/Linux 9 LTS to address an integer overflow.

DLA 2944-1: nbd security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2944-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
March 10, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : nbd
Version : 1:3.15.2-3+deb9u1
CVE ID : CVE-2022-26495
Debian Bugs : #1003863 #1006915

An integer overflow (with a resultant heap-based buffer overflow)
was discovered in the nbd Network Block Device server. A value of
0xffffffff in the name length field could have caused a zero-sized
buffer to be allocated for the name, resulting in a write to a
dangling pointer.

For Debian 9 "Stretch", this problem has been fixed in version
1:3.15.2-3+deb9u1.

We recommend that you upgrade your nbd packages.

For the detailed security status of nbd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nbd

Thanks to Wouter Verhelst for help in preparing this update.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

USN-5320-1: Expat vulnerabilities and regression

How to install Zabbix 6 on Ubuntu 20.04 step by step

DLA 2944-1: nbd security update

DLA 2944-1: nbd security update

Windows

Linux

macOS

Community