-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2944-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 10, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : nbd Version : 1:3.15.2-3+deb9u1 CVE ID : CVE-2022-26495 Debian Bugs : #1003863 #1006915 An integer overflow (with a resultant heap-based buffer overflow) was discovered in the nbd Network Block Device server. A value of 0xffffffff in the name length field could have caused a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. For Debian 9 "Stretch", this problem has been fixed in version 1:3.15.2-3+deb9u1. We recommend that you upgrade your nbd packages. For the detailed security status of nbd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nbd Thanks to Wouter Verhelst for help in preparing this update. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmIqOPAACgkQHpU+J9Qx HlhCvA/+KTVzR0cusjyKiDfvFIMdb8AuGXo+NleOL29v/oZiIf20cFy1vpbSAmuS xCpft1Vx8kn1ia1f7QFVR4g66gOs5liKTlkrcrbBffXvBSki+/O/TuP7rWeS76a8 10Q+rXOzvCMVPNOthbebVR8pYERp7saLPcJFjT6s/tfB3sBO6JuTt2NxSEb3co46 qstXqfKODTZtO+tHVpekYAZsj8+nYxdW9Ngc5AP9LUeMzSZs4/iyHXwD23/4YLkx E86rFFGDLm/Z73F6Ol/uqS0RTUyrDKkYRMrmpatx75oc9NPEF3sPJlNPr9w95r15 xGHu9RVtMv9QNEsyjhhDVLwK1nNCQa9+4GEqXHGNE/g0heXv7fZtDltHBiqidb2P MX9FYlTACgMHq5zLMy0+w+phQV0L3vZGqHX1Ly40O0HL2UdcziG9Z8cJjQJ3bKn0 FQvbHidE9MUKcHfU6cIEvXF+AByFRrp3nj+GA3d99TKfOL5ffVRCGFhWj9Xhs8lE tRbTvYxYdER2eRuXRbxuThrNR+oxPaq2jP26Av8+HGMgA1o+HwSOhLg/xqKx8yPq 6YuvkQN5+VHJD7JqPP2UU52+s1GcMQxS42LB0rlLvuGxcdLDSzG10TcEbwg2Evl7 2KzRahAMX7ZaWjzo8jYXiItnhk4+M84MId/N4HHWgD+KKVhZQc0= =M1jQ -----END PGP SIGNATURE-----
