-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1058
                            nbd security update
                               14 March 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           nbd
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-26496 CVE-2022-26495 

Original Bulletin: 
   http://www.debian.org/security/2022/dsa-5100

Comment: CVSS (Max):  9.8 CVE-2022-26496 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5100-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 12, 2022                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : nbd
CVE ID         : CVE-2022-26495 CVE-2022-26496
Debian Bug     : 1003863 1006915

Two vulnerabilities were discovered in the server for the Network Block
Device (NBD), which could result in the execution of arbitrary code.

For the oldstable distribution (buster), these problems have been fixed
in version 1:3.19-3+deb10u1.

For the stable distribution (bullseye), these problems have been fixed in
version 1:3.21-1+deb11u1.

We recommend that you upgrade your nbd packages.

For the detailed security status of nbd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nbd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
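
Added example (not part of the Debian advisory or the AusCERT bulletin): a check of an exported package inventory against the fixed versions DSA-5100-1 lists for buster and bullseye, using a small Python re-implementation of Debian version ordering (epoch, upstream, revision, with `~` sorting first) so it also runs on a machine without dpkg. The host names, installed versions and the function names are constructed for illustration; only the two fixed versions come from the advisory.

```python
import re

# Fixed versions quoted in DSA-5100-1, keyed by Debian release codename.
FIXED = {"buster": "1:3.19-3+deb10u1", "bullseye": "1:3.21-1+deb11u1"}
RUN = re.compile(r"([^0-9]*)([0-9]*)(.*)")  # non-digit run, digit run, rest

def _order(c):
    # dpkg order: '~' before everything (even end of string), letters before punctuation.
    if c in ("", "~"):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and numeric runs from left to right.
    while a or b:
        (pa, da, a), (pb, db, b) = RUN.match(a).groups(), RUN.match(b).groups()
        for k in range(max(len(pa), len(pb))):
            oa, ob = _order(pa[k:k + 1]), _order(pb[k:k + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; missing epoch is 0, missing revision is empty.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_cmp(v1, v2):
    """Return a negative, zero or positive number as v1 <, ==, > v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def audit(inventory):
    """Map host -> 'vulnerable', 'fixed' or 'unknown release'."""
    status = {}
    for host, codename, installed in inventory:
        fixed = FIXED.get(codename)  # None: the advisory names no fix for it
        status[host] = ("unknown release" if fixed is None else
                        "vulnerable" if deb_cmp(installed, fixed) < 0 else "fixed")
    return status

# Constructed sample inventory: (host, release codename, installed version).
SAMPLE = [("stor-01", "buster", "1:3.19-3"), ("stor-02", "buster", "1:3.19-3+deb10u1"),
          ("stor-03", "bullseye", "1:3.21-1"), ("stor-04", "bookworm", "1:3.24-1")]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a Debian host itself, `dpkg --compare-versions <installed> lt <fixed>` performs the same comparison natively.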