Fedora 41 Update: nbdkit-1.40.6-1.fc41
[SECURITY] Fedora 41 Update: nbdkit-1.40.6-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-bc02ec32fb
2025-05-26 01:05:37.480117+00:00
--------------------------------------------------------------------------------
Name : nbdkit
Product : Fedora 41
Version : 1.40.6
Release : 1.fc41
URL : https://gitlab.com/nbdkit/nbdkit
Summary : NBD server
Description :
NBD is a protocol for accessing block devices (hard disks and
disk-like things) over the network.
nbdkit is a toolkit for creating NBD servers.
The key features are:
* Multithreaded NBD server written in C with good performance.
* Minimal dependencies for the basic server.
* Liberal license (BSD) allows nbdkit to be linked to proprietary
libraries or included in proprietary code.
* Well-documented, simple plugin API with a stable ABI guarantee.
Lets you to export "unconventional" block devices easily.
* You can write plugins in C or many other languages.
* Filters can be stacked in front of plugins to transform the output.
* Server can run standalone or can be invoked from other programs.
'nbdkit' is a meta-package which pulls in the core server and a
useful subset of plugins and filters with minimal dependencies.
If you want just the server, install 'nbdkit-server'.
To develop plugins, install the 'nbdkit-devel' package and start by
reading the nbdkit(1) and nbdkit-plugin(3) manual pages.
--------------------------------------------------------------------------------
Update Information:
New upstream stable branch version 1.40.6
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 10 2025 Richard W.M. Jones [rjones@redhat.com] - 1.40.6-1
- New upstream stable branch version 1.40.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2365691 - CVE-2025-47711 nbdkit: off-by-one error when processing block status may lead to a Denial of Service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2365691
[ 2 ] Bug #2365726 - CVE-2025-47712 nbdkit: Integer overflow triggers an assertion resulting in Denial of Service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2365726
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-bc02ec32fb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
