[SECURITY] [DLA 223-1] nbd security update

2015-05-1709:20:25

lists.debian.org

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.4 Medium

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.9%

JSON

Package : nbd
Version : 1:2.9.16-8+squeeze2
CVE ID : CVE-2015-0847
Debian Bug : 784657

A vulnerability has been discovered in nbd-server, the server for the
Linux Network Block Device.

CVE-2015-0847

Tuomas Räsänen discovered that unsafe signal handling is present in
nbd-server. This vulnerability could be exploited by a remote client
to cause a denial of service.

For the oldoldstable distribution (squeeze), these problems have been
fixed in version 1:2.9.16-8+squeeze2.

For the oldstable, stable, and testing distributions, these problems
will be fixed soon.

We recommend that you upgrade your nbd-server packages.

–
Wouter Verhelst
Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian6allnbd< 1:2.9.16-8+squeeze2nbd_1:2.9.16-8+squeeze2_all.deb
Debian7mipselnbd-server< 1:3.2-4~deb7u5nbd-server_1:3.2-4~deb7u5_mipsel.deb
Debian8mipsnbd-client< 1:3.8-4+deb8u1nbd-client_1:3.8-4+deb8u1_mips.deb
Debian7armelnbd-client-udeb< 1:3.2-4~deb7u5nbd-client-udeb_1:3.2-4~deb7u5_armel.deb
Debian8armelnbd-server< 1:3.8-4+deb8u1nbd-server_1:3.8-4+deb8u1_armel.deb
Debian7s390xnbd-client-udeb< 1:3.2-4~deb7u5nbd-client-udeb_1:3.2-4~deb7u5_s390x.deb
Debian7sparcnbd-client-udeb< 1:3.2-4~deb7u5nbd-client-udeb_1:3.2-4~deb7u5_sparc.deb
Debian7armhfnbd-server< 1:3.2-4~deb7u5nbd-server_1:3.2-4~deb7u5_armhf.deb
Debian6amd64nbd-server< 1:2.9.16-8+squeeze2nbd-server_1:2.9.16-8+squeeze2_amd64.deb
Debian7ia64nbd-server< 1:3.2-4~deb7u5nbd-server_1:3.2-4~deb7u5_ia64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	all	nbd	< 1:2.9.16-8+squeeze2	nbd_1:2.9.16-8+squeeze2_all.deb
Debian	7	mipsel	nbd-server	< 1:3.2-4~deb7u5	nbd-server_1:3.2-4~deb7u5_mipsel.deb
Debian	8	mips	nbd-client	< 1:3.8-4+deb8u1	nbd-client_1:3.8-4+deb8u1_mips.deb
Debian	7	armel	nbd-client-udeb	< 1:3.2-4~deb7u5	nbd-client-udeb_1:3.2-4~deb7u5_armel.deb
Debian	8	armel	nbd-server	< 1:3.8-4+deb8u1	nbd-server_1:3.8-4+deb8u1_armel.deb
Debian	7	s390x	nbd-client-udeb	< 1:3.2-4~deb7u5	nbd-client-udeb_1:3.2-4~deb7u5_s390x.deb
Debian	7	sparc	nbd-client-udeb	< 1:3.2-4~deb7u5	nbd-client-udeb_1:3.2-4~deb7u5_sparc.deb
Debian	7	armhf	nbd-server	< 1:3.2-4~deb7u5	nbd-server_1:3.2-4~deb7u5_armhf.deb
Debian	6	amd64	nbd-server	< 1:2.9.16-8+squeeze2	nbd-server_1:2.9.16-8+squeeze2_amd64.deb
Debian	7	ia64	nbd-server	< 1:3.2-4~deb7u5	nbd-server_1:3.2-4~deb7u5_ia64.deb