suse-su-2022:1276-1
Vulnerability from csaf_suse
Published
2022-04-20 07:17
Modified
2022-04-20 07:17
Summary
Security update for nbd
Notes
Title of the patch
Security update for nbd
Description of the patch
This update for nbd fixes the following issues:
- CVE-2022-26495: Fixed an integer overflow with a resultant heap-based buffer overflow (bsc#1196827).
- CVE-2022-26496: Fixed a stack-based buffer overflow when parsing the name field by sending a crafted NBD_OPT_INFO (bsc#1196828).
Update to version 3.24 (bsc#1196827, bsc#1196828, CVE-2022-26495, CVE-2022-26496):
* https://github.com/advisories/GHSA-q9rw-8758-hccj
Update to version 3.23:
* Don't overwrite the hostname with the TLS hostname
Update to version 3.22:
- nbd-server: handle auth for v6-mapped IPv4 addresses
- nbd-client.c: parse the next option in all cases
- configure.ac: silence a few autoconf 2.71 warnings
- spec: Relax NBD_OPT_LIST_META_CONTEXTS
- client: Don't confuse Unix socket with TLS hostname
- server: Avoid deprecated g_memdup
Update to version 3.21:
- Fix --disable-manpages build
- Fix a bug in whitespace handling regarding authorization files
- Support client-side marking of devices as read-only
- Support preinitialized NBD connection (i.e., skip the negotiation).
- Fix the systemd unit file for nbd-client so it works with netlink (the
more common situation nowadays)
Update to 3.20.0 (no changelog)
Update to version 3.19.0:
* Better error messages in case of unexpected disconnects
* Better compatibility with non-bash sh implementations
(for configure.sh)
* Fix for a segfault in NBD_OPT_INFO handling
* The ability to specify whether to listen on both TCP and Unix
domain sockets, rather than to always do so
* Various minor editorial and spelling fixes in the documentation.
Update to version 1.18.0:
* Client: Add the '-g' option to avoid even trying the NBD_OPT_GO
message
* Server: fixes to inetd mode
* Don't make gnutls and libnl automagic.
* Server: bugfixes in handling of some export names during verification.
* Server: clean supplementary groups when changing user.
* Client: when using the netlink protocol, only set a timeout
when there actually is a timeout, rather than defaulting to 0
seconds
* Improve documentation on the nbdtab file
* Minor improvements to some error messages
* Improvements to test suite so it works better on non-GNU
userland environments
- Update to version 1.17.0:
* proto: add xNBD command NBD_CMD_CACHE to the spec
* server: do not crash when handling child name
* server: Close socket pair when fork fails
Patchnames
SUSE-2022-1276,openSUSE-SLE-15.3-2022-1276,openSUSE-SLE-15.4-2022-1276
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nbd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nbd fixes the following issues:\n\n- CVE-2022-26495: Fixed an integer overflow with a resultant heap-based buffer overflow (bsc#1196827).\n- CVE-2022-26496: Fixed a stack-based buffer overflow when parsing the name field by sending a crafted NBD_OPT_INFO (bsc#1196828). \n\n\nUpdate to version 3.24 (bsc#1196827, bsc#1196828, CVE-2022-26495, CVE-2022-26496):\n * https://github.com/advisories/GHSA-q9rw-8758-hccj\n\nUpdate to version 3.23:\n * Don\u0027t overwrite the hostname with the TLS hostname\n\nUpdate to version 3.22:\n - nbd-server: handle auth for v6-mapped IPv4 addresses \n - nbd-client.c: parse the next option in all cases\n - configure.ac: silence a few autoconf 2.71 warnings\n - spec: Relax NBD_OPT_LIST_META_CONTEXTS \n - client: Don\u0027t confuse Unix socket with TLS hostname\n - server: Avoid deprecated g_memdup\n\nUpdate to version 3.21:\n - Fix --disable-manpages build\n - Fix a bug in whitespace handling regarding authorization files\n - Support client-side marking of devices as read-only\n - Support preinitialized NBD connection (i.e., skip the negotiation).\n - Fix the systemd unit file for nbd-client so it works with netlink (the\n more common situation nowadays)\n\nUpdate to 3.20.0 (no changelog)\n\nUpdate to version 3.19.0:\n * Better error messages in case of unexpected disconnects\n * Better compatibility with non-bash sh implementations\n (for configure.sh)\n * Fix for a segfault in NBD_OPT_INFO handling\n * The ability to specify whether to listen on both TCP and Unix\n domain sockets, rather than to always do so\n * Various minor editorial and spelling fixes in the documentation.\n\nUpdate to version 1.18.0:\n * Client: Add the \u0027-g\u0027 option to avoid even trying the NBD_OPT_GO\n message\n * Server: fixes to inetd mode\n * Don\u0027t make gnutls and libnl automagic.\n * Server: bugfixes in handling of some export names during verification.\n * Server: clean supplementary groups when changing user.\n * Client: when using the netlink protocol, only set a timeout\n when there actually is a timeout, rather than defaulting to 0\n seconds\n * Improve documentation on the nbdtab file\n * Minor improvements to some error messages\n * Improvements to test suite so it works better on non-GNU\n userland environments\n\n- Update to version 1.17.0:\n * proto: add xNBD command NBD_CMD_CACHE to the spec\n * server: do not crash when handling child name\n * server: Close socket pair when fork fails\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1276,openSUSE-SLE-15.3-2022-1276,openSUSE-SLE-15.4-2022-1276",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1276-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1276-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221276-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1276-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010767.html"
},
{
"category": "self",
"summary": "SUSE Bug 1196827",
"url": "https://bugzilla.suse.com/1196827"
},
{
"category": "self",
"summary": "SUSE Bug 1196828",
"url": "https://bugzilla.suse.com/1196828"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26495 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26496 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26496/"
}
],
"title": "Security update for nbd",
"tracking": {
"current_release_date": "2022-04-20T07:17:17Z",
"generator": {
"date": "2022-04-20T07:17:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1276-1",
"initial_release_date": "2022-04-20T07:17:17Z",
"revision_history": [
{
"date": "2022-04-20T07:17:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nbd-3.24-150000.3.3.1.aarch64",
"product": {
"name": "nbd-3.24-150000.3.3.1.aarch64",
"product_id": "nbd-3.24-150000.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nbd-3.24-150000.3.3.1.i586",
"product": {
"name": "nbd-3.24-150000.3.3.1.i586",
"product_id": "nbd-3.24-150000.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nbd-3.24-150000.3.3.1.ppc64le",
"product": {
"name": "nbd-3.24-150000.3.3.1.ppc64le",
"product_id": "nbd-3.24-150000.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nbd-3.24-150000.3.3.1.s390x",
"product": {
"name": "nbd-3.24-150000.3.3.1.s390x",
"product_id": "nbd-3.24-150000.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nbd-3.24-150000.3.3.1.x86_64",
"product": {
"name": "nbd-3.24-150000.3.3.1.x86_64",
"product_id": "nbd-3.24-150000.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nbd-3.24-150000.3.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64"
},
"product_reference": "nbd-3.24-150000.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nbd-3.24-150000.3.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le"
},
"product_reference": "nbd-3.24-150000.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nbd-3.24-150000.3.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x"
},
"product_reference": "nbd-3.24-150000.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nbd-3.24-150000.3.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"
},
"product_reference": "nbd-3.24-150000.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-26495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26495"
}
],
"notes": [
{
"category": "general",
"text": "In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26495",
"url": "https://www.suse.com/security/cve/CVE-2022-26495"
},
{
"category": "external",
"summary": "SUSE Bug 1196827 for CVE-2022-26495",
"url": "https://bugzilla.suse.com/1196827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-20T07:17:17Z",
"details": "important"
}
],
"title": "CVE-2022-26495"
},
{
"cve": "CVE-2022-26496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26496"
}
],
"notes": [
{
"category": "general",
"text": "In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26496",
"url": "https://www.suse.com/security/cve/CVE-2022-26496"
},
{
"category": "external",
"summary": "SUSE Bug 1196828 for CVE-2022-26496",
"url": "https://bugzilla.suse.com/1196828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x",
"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-20T07:17:17Z",
"details": "important"
}
],
"title": "CVE-2022-26496"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…