Bug 372891

Summary:	<sys-block/nbd-2.9.22: DOS (CVE-2011-1925)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	base-system
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B4 [glsa]
Package list:		Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2011-06-24 20:16:42 UTC

CVE-2011-1925 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1925):
  nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote
  attackers to cause a denial of service (NULL pointer dereference and crash)
  by causing a negotiation failure, as demonstrated by specifying a name for a
  non-existent export.


Is 2.9.22 ok to go stable?

Comment 1 SpanKY gentoo-dev

2011-06-26 16:07:24 UTC

that's fine

Comment 2 Tim Sammut (RETIRED) gentoo-dev

2011-06-26 16:09:50 UTC

(In reply to comment #1)
> that's fine

Great, thanks.

Arches, please test and mark stable:
=sys-block/nbd-2.9.22
Target keywords : "amd64 ppc ppc64 x86"

Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2011-06-26 16:22:06 UTC

x86 stable

Comment 4 Agostino Sarubbo gentoo-dev

2011-06-26 16:48:08 UTC

amd64 ok

Comment 5 Ian Delaney (RETIRED) gentoo-dev

2011-06-26 18:17:19 UTC

ditto

Comment 6 Christoph Mende (RETIRED) gentoo-dev

2011-06-29 15:05:00 UTC

amd64 stable

Comment 7 Mark Loeser (RETIRED) gentoo-dev

2011-07-06 21:25:48 UTC

ppc64 done

Comment 8 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev

2011-07-09 11:07:18 UTC

ppc stable, last arch done

Comment 9 Tim Sammut (RETIRED) gentoo-dev

2011-07-09 16:17:55 UTC

Thanks, folks. GLSA Vote: Yes.

Comment 10 Stefan Behte (RETIRED) gentoo-dev

2011-10-08 21:33:58 UTC

Vote: YES. Added to pending GLSA request.

Comment 11 GLSAMaker/CVETool Bot gentoo-dev

2012-06-25 19:23:27 UTC

This issue was resolved and addressed in
 GLSA 201206-35 at http://security.gentoo.org/glsa/glsa-201206-35.xml
by GLSA coordinator Stefan Behte (craig).