Univention Bugzilla – Bug 54544
nbd: Multiple issues (4.4)
Last modified: 2022-03-16 14:14:29 CET
New Debian nbd 1:3.15.2-3+deb9u1 fixes: This update addresses the following issue: * In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. (CVE-2022-26495)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/nbd_3.15.2-3.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/nbd_3.15.2-3+deb9u1.dsc @@ -1,3 +1,9 @@ +1:3.15.2-3+deb9u1 [Wed, 09 Mar 2022 11:33:47 +0200] Wouter Verhelst <wouter@debian.org>: + + * Cherry-pick (relevant parts of) the fix for CVE-2022-26495 from git + master. Closes: #1006915. + * Fix parsing of nbdtab in nbd-client; Closes: #1003863. + 1:3.15.2-3 [Mon, 24 Apr 2017 18:45:17 +0200] Wouter Verhelst <wouter@debian.org>: * tests/run/certs/client-cert.pem: regenerate with a certificate <http://piuparts.knut.univention.de/4.4-8/#4848169446755412522>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1196>