Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 372891

Summary: <sys-block/nbd-2.9.22: DOS (CVE-2011-1925)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: base-system
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [glsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 20:16:42 UTC
CVE-2011-1925 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1925):
  nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote
  attackers to cause a denial of service (NULL pointer dereference and crash)
  by causing a negotiation failure, as demonstrated by specifying a name for a
  non-existent export.


Is 2.9.22 ok to go stable?
Comment 1 SpanKY gentoo-dev 2011-06-26 16:07:24 UTC
that's fine
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 16:09:50 UTC
(In reply to comment #1)
> that's fine

Great, thanks.

Arches, please test and mark stable:
=sys-block/nbd-2.9.22
Target keywords : "amd64 ppc ppc64 x86"
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-06-26 16:22:06 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2011-06-26 16:48:08 UTC
amd64 ok
Comment 5 Ian Delaney (RETIRED) gentoo-dev 2011-06-26 18:17:19 UTC
ditto
Comment 6 Christoph Mende (RETIRED) gentoo-dev 2011-06-29 15:05:00 UTC
amd64 stable
Comment 7 Mark Loeser (RETIRED) gentoo-dev 2011-07-06 21:25:48 UTC
ppc64 done
Comment 8 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-07-09 11:07:18 UTC
ppc stable, last arch done
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-07-09 16:17:55 UTC
Thanks, folks. GLSA Vote: Yes.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 21:33:58 UTC
Vote: YES. Added to pending GLSA request.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2012-06-25 19:23:27 UTC
This issue was resolved and addressed in
 GLSA 201206-35 at http://security.gentoo.org/glsa/glsa-201206-35.xml
by GLSA coordinator Stefan Behte (craig).