Описание
Security update for libnbd
This update for libnbd fixes the following issues:
- CVE-2022-0485: Fixed a missing error handling that may create corrupted destination image (bsc#1195636).
Список пакетов
Container suse/sles/15.5/cdi-importer:1.55.0
libnbd0-1.12.4-150300.8.12.1
Container suse/sles/15.5/cdi-uploadserver:1.55.0
libnbd-1.12.4-150300.8.12.1
libnbd0-1.12.4-150300.8.12.1
openSUSE Leap 15.3
libnbd-1.12.4-150300.8.12.1
libnbd-bash-completion-1.12.4-150300.8.12.1
libnbd-devel-1.12.4-150300.8.12.1
libnbd0-1.12.4-150300.8.12.1
nbdfuse-1.12.4-150300.8.12.1
openSUSE Leap 15.4
libnbd-1.12.4-150300.8.12.1
libnbd-bash-completion-1.12.4-150300.8.12.1
libnbd-devel-1.12.4-150300.8.12.1
libnbd0-1.12.4-150300.8.12.1
nbdfuse-1.12.4-150300.8.12.1
Ссылки
- Link for SUSE-SU-2022:2754-1
- E-Mail link for SUSE-SU-2022:2754-1
- SUSE Security Ratings
- SUSE Bug 1195636
- SUSE CVE CVE-2022-0485 page
Описание
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.
Затронутые продукты
Container suse/sles/15.5/cdi-importer:1.55.0:libnbd0-1.12.4-150300.8.12.1
Container suse/sles/15.5/cdi-uploadserver:1.55.0:libnbd-1.12.4-150300.8.12.1
Container suse/sles/15.5/cdi-uploadserver:1.55.0:libnbd0-1.12.4-150300.8.12.1
openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1
Ссылки
- CVE-2022-0485
- SUSE Bug 1195636