Описание
Security update for nbd
This update for nbd fixes the following issues:
- CVE-2022-26495: Fixed an integer overflow with a resultant heap-based buffer overflow (bsc#1196827).
- CVE-2022-26496: Fixed a stack-based buffer overflow when parsing the name field by sending a crafted NBD_OPT_INFO (bsc#1196828).
Update to version 3.24 (bsc#1196827, bsc#1196828, CVE-2022-26495, CVE-2022-26496):
Update to version 3.23:
- Don't overwrite the hostname with the TLS hostname
Update to version 3.22:
- nbd-server: handle auth for v6-mapped IPv4 addresses
- nbd-client.c: parse the next option in all cases
- configure.ac: silence a few autoconf 2.71 warnings
- spec: Relax NBD_OPT_LIST_META_CONTEXTS
- client: Don't confuse Unix socket with TLS hostname
- server: Avoid deprecated g_memdup
Update to version 3.21:
- Fix --disable-manpages build
- Fix a bug in whitespace handling regarding authorization files
- Support client-side marking of devices as read-only
- Support preinitialized NBD connection (i.e., skip the negotiation).
- Fix the systemd unit file for nbd-client so it works with netlink (the more common situation nowadays)
Update to 3.20.0 (no changelog)
Update to version 3.19.0:
- Better error messages in case of unexpected disconnects
- Better compatibility with non-bash sh implementations (for configure.sh)
- Fix for a segfault in NBD_OPT_INFO handling
- The ability to specify whether to listen on both TCP and Unix domain sockets, rather than to always do so
- Various minor editorial and spelling fixes in the documentation.
Update to version 1.18.0:
- Client: Add the '-g' option to avoid even trying the NBD_OPT_GO message
- Server: fixes to inetd mode
- Don't make gnutls and libnl automagic.
- Server: bugfixes in handling of some export names during verification.
- Server: clean supplementary groups when changing user.
- Client: when using the netlink protocol, only set a timeout when there actually is a timeout, rather than defaulting to 0 seconds
- Improve documentation on the nbdtab file
- Minor improvements to some error messages
- Improvements to test suite so it works better on non-GNU userland environments
- Update to version 1.17.0:
- proto: add xNBD command NBD_CMD_CACHE to the spec
- server: do not crash when handling child name
- server: Close socket pair when fork fails
Список пакетов
openSUSE Leap 15.3
Ссылки
- Link for SUSE-SU-2022:1276-1
- E-Mail link for SUSE-SU-2022:1276-1
- SUSE Security Ratings
- SUSE Bug 1196827
- SUSE Bug 1196828
- SUSE CVE CVE-2022-26495 page
- SUSE CVE CVE-2022-26496 page
Описание
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
Затронутые продукты
Ссылки
- CVE-2022-26495
- SUSE Bug 1196827
Описание
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
Затронутые продукты
Ссылки
- CVE-2022-26496
- SUSE Bug 1196828