Re: [Buildroot] [PATCH v2, 1/1] package/nbd: security bump to version 3.24

From: Peter Korsgaard <peter@korsgaard.com>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: "Yann E . MORIN" <yann.morin.1998@free.fr>, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH v2, 1/1] package/nbd: security bump to version 3.24
Date: Sun, 27 Mar 2022 22:28:58 +0200	[thread overview]
Message-ID: <87r16nb0mt.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20220313113333.1125977-1-fontaine.fabrice@gmail.com> (Fabrice Fontaine's message of "Sun, 13 Mar 2022 12:33:33 +0100")

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2022-26495: In nbd-server in nbd before 3.24, there is an
 > integer overflow with a resultant heap-based buffer overflow. A value of
 > 0xffffffff in the name length field will cause a zero-sized buffer to be
 > allocated for the name, resulting in a write to a dangling pointer. This
 > issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME
 > messages.

 > Fix CVE-2022-26496: In nbd-server in nbd before 3.24, there is a
 > stack-based buffer overflow. An attacker can cause a buffer overflow in
 > the parsing of the name field by sending a crafted NBD_OPT_INFO or
 > NBD_OPT_GO message with an large value as the length of the name.

 > https://github.com/NetworkBlockDevice/nbd/compare/nbd-3.21...nbd-3.24

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 > ---
 > Changes v1 -> v2:
 >  - Tag as a security bump and add CVEs

Committed to 2021.02.x and 2022.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot