Описание
Security update for nbdkit
This update for nbdkit fixes the following issues:
Update to version 1.40.6.
Security fixes:
- CVE-2025-47712: integer overflow in blocksize filter when processing client block status requests larger than 2**32 will trigger an assertion failure and cause a denial-of-service. (bsc#1243108).
- CVE-2025-47711: off-by-one error when processing block status results from plugins on behalf of an NBD client may trigger an assertion failure and cause a denial of service (bsc#1243110).
Other fixes and changes:
- golang: Support GCC 15.
- openbsd: curl: Include pthread.h.
- rust: Fix 'overindented' list in comment.
- rust: Declare explicit extern 'C' API.
- plugins/rust: Use CStr literals for static strings.
- vddk: do_extents: Avoid reading partial chunk beyond the end of the disk.
- vddk: do_extents: Exit the function if we hit req_one condition.
- vddk: do_extents: Mark some local variables const.
- vddk: Cache the disk size in the handle.
- vddk: Include <stdbool.h>.
- python: examples: Fix comment above API_VERSION constant.
- tcl: Fix for Tcl 9.0 compatibility.
- plugins/ocaml/NBDKit.ml: Sort bindings into order.
- ocaml: Don't call abort if caml_c_thread_unregister fails.
- ocaml: Use real addresses instead of (void*)s.
- evil: Link to nbdkit_parse_probability(3).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP7
nbdkit-1.40.6-150700.4.3.1
nbdkit-basic-filters-1.40.6-150700.4.3.1
nbdkit-basic-plugins-1.40.6-150700.4.3.1
nbdkit-curl-plugin-1.40.6-150700.4.3.1
nbdkit-nbd-plugin-1.40.6-150700.4.3.1
nbdkit-python-plugin-1.40.6-150700.4.3.1
nbdkit-server-1.40.6-150700.4.3.1
nbdkit-ssh-plugin-1.40.6-150700.4.3.1
nbdkit-vddk-plugin-1.40.6-150700.4.3.1
Ссылки
- Link for SUSE-SU-2025:01888-1
- E-Mail link for SUSE-SU-2025:01888-1
- SUSE Security Ratings
- SUSE Bug 1243108
- SUSE Bug 1243110
- SUSE CVE CVE-2025-47711 page
- SUSE CVE CVE-2025-47712 page
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP7:nbdkit-1.40.6-150700.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP7:nbdkit-basic-filters-1.40.6-150700.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP7:nbdkit-basic-plugins-1.40.6-150700.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP7:nbdkit-curl-plugin-1.40.6-150700.4.3.1
Ссылки
- CVE-2025-47711
- SUSE Bug 1243110
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP7:nbdkit-1.40.6-150700.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP7:nbdkit-basic-filters-1.40.6-150700.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP7:nbdkit-basic-plugins-1.40.6-150700.4.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP7:nbdkit-curl-plugin-1.40.6-150700.4.3.1
Ссылки
- CVE-2025-47712
- SUSE Bug 1243108