From: Arnout Vandecappelle <arnout@mind.be>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>, buildroot@buildroot.org
Cc: "Yann E . MORIN" <yann.morin.1998@free.fr>
Subject: Re: [Buildroot] [PATCH v2, 1/1] package/nbd: security bump to version 3.24
Date: Wed, 23 Mar 2022 21:26:02 +0100 [thread overview]
Message-ID: <29dfce7f-a6f5-415b-aaf0-3efca36fa8d8@mind.be> (raw)
In-Reply-To: <20220313113333.1125977-1-fontaine.fabrice@gmail.com>
On 13/03/2022 12:33, Fabrice Fontaine wrote:
> Fix CVE-2022-26495: In nbd-server in nbd before 3.24, there is an
> integer overflow with a resultant heap-based buffer overflow. A value of
> 0xffffffff in the name length field will cause a zero-sized buffer to be
> allocated for the name, resulting in a write to a dangling pointer. This
> issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME
> messages.
>
> Fix CVE-2022-26496: In nbd-server in nbd before 3.24, there is a
> stack-based buffer overflow. An attacker can cause a buffer overflow in
> the parsing of the name field by sending a crafted NBD_OPT_INFO or
> NBD_OPT_GO message with an large value as the length of the name.
>
> https://github.com/NetworkBlockDevice/nbd/compare/nbd-3.21...nbd-3.24
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Applied to master, thanks.
Regards,
Arnout
> ---
> Changes v1 -> v2:
> - Tag as a security bump and add CVEs
>
> package/nbd/nbd.hash | 8 ++++----
> package/nbd/nbd.mk | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/package/nbd/nbd.hash b/package/nbd/nbd.hash
> index f0df35bc27..f58a89bf9a 100644
> --- a/package/nbd/nbd.hash
> +++ b/package/nbd/nbd.hash
> @@ -1,7 +1,7 @@
> -# From http://sourceforge.net/projects/nbd/files/nbd/3.21/
> -md5 c51c4c500fe1ed84c3d5d5dd2ca71d23 nbd-3.21.tar.xz
> -sha1 88c3296d43d20d7bda97e0f1bab0243a4f6fa880 nbd-3.21.tar.xz
> +# From http://sourceforge.net/projects/nbd/files/nbd/3.24/
> +md5 a6d9e7bbc311a2ed07ef84a58b82b5dd nbd-3.24.tar.xz
> +sha1 72c59ef5186ae355de6f539a1b348e18cbb8314e nbd-3.24.tar.xz
>
> # Locally calculated
> -sha256 e7688af39d91733bbcd2db08062c44fe503d004e51528740139c44aff6a6bef9 nbd-3.21.tar.xz
> +sha256 6877156d23a7b33f75eee89d2f5c2c91c542afc3cdcb636dea5a88539a58d10c nbd-3.24.tar.xz
> sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
> diff --git a/package/nbd/nbd.mk b/package/nbd/nbd.mk
> index 0a7f08b2cf..f0fb23910e 100644
> --- a/package/nbd/nbd.mk
> +++ b/package/nbd/nbd.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -NBD_VERSION = 3.21
> +NBD_VERSION = 3.24
> NBD_SOURCE = nbd-$(NBD_VERSION).tar.xz
> NBD_SITE = http://downloads.sourceforge.net/project/nbd/nbd/$(NBD_VERSION)
> NBD_CONF_OPTS = --enable-lfs
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2022-03-23 20:26 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-13 11:33 [Buildroot] [PATCH v2, 1/1] package/nbd: security bump to version 3.24 Fabrice Fontaine
2022-03-23 20:26 ` Arnout Vandecappelle [this message]
2022-03-27 20:28 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=29dfce7f-a6f5-415b-aaf0-3efca36fa8d8@mind.be \
--to=arnout@mind.be \
--cc=buildroot@buildroot.org \
--cc=fontaine.fabrice@gmail.com \
--cc=yann.morin.1998@free.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.