Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 372891 - <sys-block/nbd-2.9.22: DOS (CVE-2011-1925)
Summary: <sys-block/nbd-2.9.22: DOS (CVE-2011-1925)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [glsa]
Depends on:
Reported: 2011-06-24 20:16 UTC by GLSAMaker/CVETool Bot
Modified: 2012-06-25 19:23 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 20:16:42 UTC
CVE-2011-1925 (
  nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote
  attackers to cause a denial of service (NULL pointer dereference and crash)
  by causing a negotiation failure, as demonstrated by specifying a name for a
  non-existent export.

Is 2.9.22 ok to go stable?
Comment 1 SpanKY gentoo-dev 2011-06-26 16:07:24 UTC
that's fine
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 16:09:50 UTC
(In reply to comment #1)
> that's fine

Great, thanks.

Arches, please test and mark stable:
Target keywords : "amd64 ppc ppc64 x86"
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-06-26 16:22:06 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2011-06-26 16:48:08 UTC
amd64 ok
Comment 5 Ian Delaney (RETIRED) gentoo-dev 2011-06-26 18:17:19 UTC
Comment 6 Christoph Mende (RETIRED) gentoo-dev 2011-06-29 15:05:00 UTC
amd64 stable
Comment 7 Mark Loeser (RETIRED) gentoo-dev 2011-07-06 21:25:48 UTC
ppc64 done
Comment 8 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-07-09 11:07:18 UTC
ppc stable, last arch done
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-07-09 16:17:55 UTC
Thanks, folks. GLSA Vote: Yes.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 21:33:58 UTC
Vote: YES. Added to pending GLSA request.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2012-06-25 19:23:27 UTC
This issue was resolved and addressed in
 GLSA 201206-35 at
by GLSA coordinator Stefan Behte (craig).