SUSE-SU-2024:2789-1

Опубликовано: 06 авг. 2024

Источник: suse-cvrf

Описание

Security update for libnbd

This update for libnbd fixes the following issues:

CVE-2024-7383: Fixed incorrect verification of a NBD server's certificate when using TLS to connect to the server (bsc#1228872)

Other fixes:

Update to version 1.18.5.

Список пакетов

openSUSE Leap 15.5

libnbd-1.18.5-150300.8.21.1

libnbd-bash-completion-1.18.5-150300.8.21.1

libnbd-devel-1.18.5-150300.8.21.1

libnbd0-1.18.5-150300.8.21.1

nbdfuse-1.18.5-150300.8.21.1

python3-libnbd-1.18.5-150300.8.21.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242789-1/
Link for SUSE-SU-2024:2789-1
https://lists.suse.com/pipermail/sle-updates/2024-August/036332.html
E-Mail link for SUSE-SU-2024:2789-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1228872
SUSE Bug 1228872
https://www.suse.com/security/cve/CVE-2024-7383/
SUSE CVE CVE-2024-7383 page

Описание

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

Затронутые продукты

openSUSE Leap 15.5:libnbd-1.18.5-150300.8.21.1

openSUSE Leap 15.5:libnbd-bash-completion-1.18.5-150300.8.21.1

openSUSE Leap 15.5:libnbd-devel-1.18.5-150300.8.21.1

openSUSE Leap 15.5:libnbd0-1.18.5-150300.8.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-7383.html
CVE-2024-7383
https://bugzilla.suse.com/1228872
SUSE Bug 1228872

SUSE-SU-2024:2789-1

Описание

Список пакетов

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2024-7383

Описание

Затронутые продукты

Ссылки