ELSA-2024-2204

Опубликовано: 02 мая 2024

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2024-2204: libnbd security update (MODERATE)

[1.18.1-3]

Backport unit test of recent libnbd API addition resolves: RHEL-16292

[1.18.1-2]

Fix assertion in ext-mode BLOCK_STATUS (CVE-2023-5871) resolves: RHEL-15143

[1.18.1-1]

Rebase to 1.18.1 resolves: RHEL-14476

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

libnbd

1.18.1-3.el9

libnbd-bash-completion

1.18.1-3.el9

libnbd-devel

1.18.1-3.el9

nbdfuse

1.18.1-3.el9

ocaml-libnbd

1.18.1-3.el9

ocaml-libnbd-devel

1.18.1-3.el9

python3-libnbd

1.18.1-3.el9

Oracle Linux x86_64

libnbd

1.18.1-3.el9

libnbd-bash-completion

1.18.1-3.el9

libnbd-devel

1.18.1-3.el9

nbdfuse

1.18.1-3.el9

ocaml-libnbd

1.18.1-3.el9

ocaml-libnbd-devel

1.18.1-3.el9

python3-libnbd

1.18.1-3.el9

Связанные CVE

CVE-2023-5871

CVE-2023-5215

Ссылки на источники

Связанные уязвимости

CVE-2023-5871

CVSS3: 5.3

ubuntu

больше 1 года назад

A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.

CVE-2023-5871

CVSS3: 5.3

redhat

больше 1 года назад

CVE-2023-5871

CVSS3: 5.3

nvd

больше 1 года назад

CVE-2023-5871

CVSS3: 5.3

debian

больше 1 года назад

A flaw was found in libnbd, due to a malicious Network Block Device (N ...

CVE-2023-5215

CVSS3: 5.3

ubuntu

почти 2 года назад

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.