1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202402-10 ] NBD Tools: Multiple Vulnerabilitie

    From glsamaker@gentoo.org@21:1/5 to All on Sun Feb 4 10:50:01 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202402-10
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
    Title: NBD Tools: Multiple Vulnerabilities
    Date: February 04, 2024
    Bugs: #834678
    ID: 202402-10

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been found in NBD Tools, the worst of
    which could result in arbitary code execution.

    Background
    ==========

    The NBD Tools are the Network Block Device utilities allowing one to use
    remote block devices over a TCP/IP network. It includes a userland NBD
    server.

    Affected packages
    =================

    Package Vulnerable Unaffected
    ------------- ------------ ------------
    sys-block/nbd < 3.24 >= 3.24

    Description
    ===========

    Multiple vulnerabilities have been discovered in NBD Tools. Please
    review the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All NBD Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-block/nbd-3.24"

    References
    ==========

    [ 1 ] CVE-2022-26495
    https://nvd.nist.gov/vuln/detail/CVE-2022-26495
    [ 2 ] CVE-2022-26496
    https://nvd.nist.gov/vuln/detail/CVE-2022-26496

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202402-10

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmW/XO0ACgkQFMQkOaVy +9mVgg//TpuVv4n31ertQwRZkG2n+5SYnoU+aRr9mBvUS23jKsZZo89ccxKbQnN/ HdRK6otl9ZY93H0k0ICGuAThyAtY+2GABNaP4xkr+VIPuOZUsFZ3zmiXhTdMbPaw LKrxw3oFzkWotA1XiwnQwNcrvn+1oiPl61jL1zQWJnvHRarxl6+NmKzS9owNNVoG Wofmu86upW85/s4H3SZOG09P2fKMrkjhf3yOBm0AZSK3AqIRjPPipELxz55uvOKy xOySlbrkUQ9RyeOSQ90i/swATeXTeGxbDmQF2No9Psar5y3Vx+kK4Suo4/Rd/kf2 KY6RjRY0io6UQFpwmTaCecUUNvMdT0Cvcrn7n37rjXHYLNVlD9ValXHhmnSQX2bF wSFWHc4P6KGDkzKLNq5+mwUlSGCYQ8Wx5yk/+39VAdXCL2p7zoZX0hvEG8YSTzDn FENxttp4YpwFiKz2CFBBZ7uwW3D1kulhAoAW2tTY1k2fSF3VA+XN/Cdlr5ktTHiS VKnUzFGBHqr3jYBNiY1uCwQO84xlBY/EpHfJhTXjkz9tp9KpxIZdR/TJdrAFjBw4 gVbQcTKmB2hs8bEx4leWMxvZS8HZV9GKL9vGbmgaYcPb7v62yFrfAs4Pmy0Xu/ZZ JmV+4lB//PJbEw8JLN4/Xf8l6zm3I/hzoPHrImuPLBIvPD14u54=
    =Ackj
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)