GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Tue Jun 26, 2012 2:26 am Post subject: [ GLSA 201206-35 ] nbd: Multiple vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: nbd: Multiple vulnerabilities (GLSA 201206-35)
Severity: high
Exploitable: remote
Date: June 25, 2012
Bug(s): #353097, #372891
ID: 201206-35
Synopsis
Multiple vulnerabilities were found in nbd, which could lead to
remote execution of arbitrary code.
Background
nbd is a userland client/server for kernel network block device.
Affected Packages
Package: sys-block/nbd
Vulnerable: < 2.9.22
Unaffected: >= 2.9.22
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in nbd. Please review the
CVE identifiers referenced below for details.
Impact
nbd allows remote attackers to cause a denial of service (NULL pointer
dereference and crash) or the execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All nbd users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-block/nbd-2.9.22"
|
References
CVE-2011-0530
CVE-2011-1925 |
|