drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in nbd
Name: |
Mehrere Probleme in nbd |
|
ID: |
USN-2676-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10, Ubuntu 15.04 |
|
Datum: |
Mi, 22. Juli 2015, 23:44 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0847 |
|
Applikationen: |
nbd |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5404408102634241034== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="nW6J10q9mv04Jattb9PTA2uBhNsnuU4G1"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --nW6J10q9mv04Jattb9PTA2uBhNsnuU4G1 Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2676-1 July 22, 2015
nbd vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04 - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NBD.
Software Description: - nbd: Network Block Device protocol
Details:
It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-6410)
Tuomas RÀsÀnen discovered that NBD incorrectly handled wrong export names and closed connections during negotiation. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-7441)
Tuomas RÀsÀnen discovered that NBD incorrectly handled signals. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service. (CVE-2015-0847)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: nbd-server 1:3.8-4ubuntu0.1
Ubuntu 14.10: nbd-server 1:3.8-1ubuntu0.1
Ubuntu 14.04 LTS: nbd-server 1:3.7-1ubuntu0.1
Ubuntu 12.04 LTS: nbd-server 1:2.9.25-2ubuntu1.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2676-1 CVE-2013-6410, CVE-2013-7441, CVE-2015-0847
Package Information: https://launchpad.net/ubuntu/+source/nbd/1:3.8-4ubuntu0.1 https://launchpad.net/ubuntu/+source/nbd/1:3.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/nbd/1:3.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/nbd/1:2.9.25-2ubuntu1.1
--nW6J10q9mv04Jattb9PTA2uBhNsnuU4G1 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJVr9EmAAoJEGVp2FWnRL6TGoUP/2PJXMlwSru2mpk9HnidJwM0 vK0w38XWKN4shZlFb0l4wfUe+kY+YiDC32wzrwEBwI6kOGUdJb63LumempJCkwRO q7LUuWFcnKhiPS/qTVIlz1DW+6qju+kWDb6rpsoI2ni+CYfJ5P5vu6w8kwNle8Pz maqB2bRSeNLlIV35mORmJhHfMIfRV9u5W8/GIxVpN++MY4RtyNNoTLKbpaAB5O1r rpdnuKedcfLvU1q+/N4MHxh0MFXYcHtpaD9xPr1iA5qybbpt6UASujsJDqvwdi+l A3gbC4o8s7djBpRKMbcjhGynW/4i4oaEL1jYJodSc8gBTJiwc6HfgHfGaQaMDBeQ qExdyT33mTKRMRyHgGJFk/p0Ub/NHH04o4rPcBrmO5ItD0QBGmGhxoiPa9A7WQhS 1Z49Timvx+wJfLxtL0C0OMt1TpzueO65YbHhejCUqpRQmaXjjX2Amk+Z/SXfck/p LiRw51Fw2mj7G+bgnLk2hgeZOwsoXp5+EBgk6iQjBr6JVDNF4hu/l8iD5C+XmMQc O4Neda2jjGk/32E1a2PlcNgmJobqCHrZWUSMpFR72CGOWzyGZ1qcUvacr3gXwXHu qFOGJvpAQ/sA9oRfkr9735RS/gr8KhzcA09Ziu74wWNNiA9IdBFgre7Nl7ojPIQM xcwht+1D3Wn5HFFst8M1 =hI3P -----END PGP SIGNATURE-----
--nW6J10q9mv04Jattb9PTA2uBhNsnuU4G1--
--===============5404408102634241034== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5404408102634241034==--
|
|
|
|