Описание
Security update for libnbd
This update for libnbd fixes the following issues:
- CVE-2024-7383: Fixed incorrect verification of a NBD server's certificate when using TLS to connect to the server (bsc#1228872)
Other fixes:
- Update to version 1.18.5.
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP6
libnbd-1.18.5-150600.18.3.1
libnbd0-1.18.5-150600.18.3.1
nbdfuse-1.18.5-150600.18.3.1
openSUSE Leap 15.6
libnbd-1.18.5-150600.18.3.1
libnbd-bash-completion-1.18.5-150600.18.3.1
libnbd-devel-1.18.5-150600.18.3.1
libnbd0-1.18.5-150600.18.3.1
nbdfuse-1.18.5-150600.18.3.1
python3-libnbd-1.18.5-150600.18.3.1
Ссылки
- Link for SUSE-SU-2024:2813-1
- E-Mail link for SUSE-SU-2024:2813-1
- SUSE Security Ratings
- SUSE Bug 1228872
- SUSE CVE CVE-2024-7383 page
Описание
A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP6:libnbd-1.18.5-150600.18.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:libnbd0-1.18.5-150600.18.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:nbdfuse-1.18.5-150600.18.3.1
openSUSE Leap 15.6:libnbd-1.18.5-150600.18.3.1
Ссылки
- CVE-2024-7383
- SUSE Bug 1228872