All of lore.kernel.org
 help / color / mirror / Atom feed
From: Arnout Vandecappelle <arnout@mind.be>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>, buildroot@buildroot.org
Cc: "Yann E . MORIN" <yann.morin.1998@free.fr>
Subject: Re: [Buildroot] [PATCH v2, 1/1] package/nbd: security bump to version 3.24
Date: Wed, 23 Mar 2022 21:26:02 +0100	[thread overview]
Message-ID: <29dfce7f-a6f5-415b-aaf0-3efca36fa8d8@mind.be> (raw)
In-Reply-To: <20220313113333.1125977-1-fontaine.fabrice@gmail.com>



On 13/03/2022 12:33, Fabrice Fontaine wrote:
> Fix CVE-2022-26495: In nbd-server in nbd before 3.24, there is an
> integer overflow with a resultant heap-based buffer overflow. A value of
> 0xffffffff in the name length field will cause a zero-sized buffer to be
> allocated for the name, resulting in a write to a dangling pointer. This
> issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME
> messages.
> 
> Fix CVE-2022-26496: In nbd-server in nbd before 3.24, there is a
> stack-based buffer overflow. An attacker can cause a buffer overflow in
> the parsing of the name field by sending a crafted NBD_OPT_INFO or
> NBD_OPT_GO message with an large value as the length of the name.
> 
> https://github.com/NetworkBlockDevice/nbd/compare/nbd-3.21...nbd-3.24
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

  Applied to master, thanks.

  Regards,
  Arnout

> ---
> Changes v1 -> v2:
>   - Tag as a security bump and add CVEs
> 
>   package/nbd/nbd.hash | 8 ++++----
>   package/nbd/nbd.mk   | 2 +-
>   2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/package/nbd/nbd.hash b/package/nbd/nbd.hash
> index f0df35bc27..f58a89bf9a 100644
> --- a/package/nbd/nbd.hash
> +++ b/package/nbd/nbd.hash
> @@ -1,7 +1,7 @@
> -# From http://sourceforge.net/projects/nbd/files/nbd/3.21/
> -md5  c51c4c500fe1ed84c3d5d5dd2ca71d23  nbd-3.21.tar.xz
> -sha1  88c3296d43d20d7bda97e0f1bab0243a4f6fa880  nbd-3.21.tar.xz
> +# From http://sourceforge.net/projects/nbd/files/nbd/3.24/
> +md5  a6d9e7bbc311a2ed07ef84a58b82b5dd  nbd-3.24.tar.xz
> +sha1  72c59ef5186ae355de6f539a1b348e18cbb8314e  nbd-3.24.tar.xz
>   
>   # Locally calculated
> -sha256  e7688af39d91733bbcd2db08062c44fe503d004e51528740139c44aff6a6bef9  nbd-3.21.tar.xz
> +sha256  6877156d23a7b33f75eee89d2f5c2c91c542afc3cdcb636dea5a88539a58d10c  nbd-3.24.tar.xz
>   sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
> diff --git a/package/nbd/nbd.mk b/package/nbd/nbd.mk
> index 0a7f08b2cf..f0fb23910e 100644
> --- a/package/nbd/nbd.mk
> +++ b/package/nbd/nbd.mk
> @@ -4,7 +4,7 @@
>   #
>   ################################################################################
>   
> -NBD_VERSION = 3.21
> +NBD_VERSION = 3.24
>   NBD_SOURCE = nbd-$(NBD_VERSION).tar.xz
>   NBD_SITE = http://downloads.sourceforge.net/project/nbd/nbd/$(NBD_VERSION)
>   NBD_CONF_OPTS = --enable-lfs
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

  reply	other threads:[~2022-03-23 20:26 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-03-13 11:33 [Buildroot] [PATCH v2, 1/1] package/nbd: security bump to version 3.24 Fabrice Fontaine
2022-03-23 20:26 ` Arnout Vandecappelle [this message]
2022-03-27 20:28 ` Peter Korsgaard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=29dfce7f-a6f5-415b-aaf0-3efca36fa8d8@mind.be \
    --to=arnout@mind.be \
    --cc=buildroot@buildroot.org \
    --cc=fontaine.fabrice@gmail.com \
    --cc=yann.morin.1998@free.fr \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.