Publishing details

Changelog

nbd (1:2.9.25-2ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: access restriction bypass via IP partial match
    - nbd-server.c: use strcmp instead of strncmp to compare clients.
    - df890c99337a255979e608d71f42401c0cddd5e0
    - CVE-2013-6410
  * SECURITY UPDATE: denial of service in modern style negotiation
    - nbd-server.c: backport commits to refactor code and handle
      modern-style negotiation in a child process
    - 7fdf3f6531e3f1f61f11bbbc185cc4cf12f86ff9
    - f958e6563bd9e365c8adf6d2cc2aa023ae132681
    - 59c25aa8e743ad0b1ab9aec8837d15181670e057
    - 2a62394c64734f32d4d8205c80ac935f59f3f873
    - abe1977070e2c71d82f473c6d3aa807b489c7fb0
    - 43fa145cc7f0b50cd74c318c27bc00415c6a8499
    - d072873d5756ba52c4cac4d13857e2acab98539f
    - 0b019ad559f6a664fa6f15c429c0bf6ea99ed564
    - e68de3612ac5b58bf64134216e22b131995e62a7
    - 463c8bcf4e638bceb75e33ae3a419f93f1e52a68
    - 22b693e410b0c314f879f437d654c76aeadb97e5
    - 741495cb08503fd32a9d22648e63b64390c601f4
    - CVE-2013-7441
  * SECURITY UPDATE: denial of service via incorrect signal handling
    - nbd-server.c: fix unsafe signal handling
    - 412defe42d03be842c80d21dccf405c435b18432
    - CVE-2015-0847

 -- Marc Deslauriers <email address hidden>  Tue, 14 Jul 2015 07:44:02 -0400

Available diffs

Builds

Built packages

Package files