Описание
Security update for libnbd
This update for libnbd fixes the following issues:
-
Updated to version 1.18.1
-
Updated to version 1.18.0:
- CVE-2023-5215: Fixed an issue where an NBD server returning an unexpected block size might crash an application (bsc#1215799).
Список пакетов
openSUSE Leap 15.4
libnbd-1.18.1-150300.8.15.1
libnbd-bash-completion-1.18.1-150300.8.15.1
libnbd-devel-1.18.1-150300.8.15.1
libnbd0-1.18.1-150300.8.15.1
nbdfuse-1.18.1-150300.8.15.1
openSUSE Leap 15.5
libnbd-1.18.1-150300.8.15.1
libnbd-bash-completion-1.18.1-150300.8.15.1
libnbd-devel-1.18.1-150300.8.15.1
libnbd0-1.18.1-150300.8.15.1
nbdfuse-1.18.1-150300.8.15.1
python3-libnbd-1.18.1-150300.8.15.1
Ссылки
- Link for SUSE-SU-2023:4222-1
- E-Mail link for SUSE-SU-2023:4222-1
- SUSE Security Ratings
- SUSE Bug 1215799
- SUSE CVE CVE-2023-5215 page
Описание
A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.
Затронутые продукты
openSUSE Leap 15.4:libnbd-1.18.1-150300.8.15.1
openSUSE Leap 15.4:libnbd-bash-completion-1.18.1-150300.8.15.1
openSUSE Leap 15.4:libnbd-devel-1.18.1-150300.8.15.1
openSUSE Leap 15.4:libnbd0-1.18.1-150300.8.15.1
Ссылки
- CVE-2023-5215
- SUSE Bug 1215799