UbuntuUpdates.org

Package "nbd-server"

Name: nbd-server

Description:

Network Block Device protocol - server

Latest version: 1:2.9.25-2ubuntu1.1
Release: precise (12.04)
Level: security
Repository: main
Head package: nbd
Homepage: http://nbd.sourceforge.net/

Links


Download "nbd-server"


Other versions of "nbd-server" in Precise

Repository Area Version
base main 1:2.9.25-2ubuntu1
updates main 1:2.9.25-2ubuntu1.1

Changelog

Version: 1:2.9.25-2ubuntu1.1 2015-07-22 18:06:45 UTC

  nbd (1:2.9.25-2ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: access restriction bypass via IP partial match
    - nbd-server.c: use strcmp instead of strncmp to compare clients.
    - df890c99337a255979e608d71f42401c0cddd5e0
    - CVE-2013-6410
  * SECURITY UPDATE: denial of service in modern style negotiation
    - nbd-server.c: backport commits to refactor code and handle
      modern-style negotiation in a child process
    - 7fdf3f6531e3f1f61f11bbbc185cc4cf12f86ff9
    - f958e6563bd9e365c8adf6d2cc2aa023ae132681
    - 59c25aa8e743ad0b1ab9aec8837d15181670e057
    - 2a62394c64734f32d4d8205c80ac935f59f3f873
    - abe1977070e2c71d82f473c6d3aa807b489c7fb0
    - 43fa145cc7f0b50cd74c318c27bc00415c6a8499
    - d072873d5756ba52c4cac4d13857e2acab98539f
    - 0b019ad559f6a664fa6f15c429c0bf6ea99ed564
    - e68de3612ac5b58bf64134216e22b131995e62a7
    - 463c8bcf4e638bceb75e33ae3a419f93f1e52a68
    - 22b693e410b0c314f879f437d654c76aeadb97e5
    - 741495cb08503fd32a9d22648e63b64390c601f4
    - CVE-2013-7441
  * SECURITY UPDATE: denial of service via incorrect signal handling
    - nbd-server.c: fix unsafe signal handling
    - 412defe42d03be842c80d21dccf405c435b18432
    - CVE-2015-0847

 -- Marc Deslauriers Tue, 14 Jul 2015 07:44:02 -0400

CVE-2013-6410 nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended acces
CVE-2013-7441 The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root proce
CVE-2015-0847 nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of se



About   -   Send Feedback to @ubuntu_updates