===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.1058
                            nbd security update
                               14 March 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           nbd
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-26496 CVE-2022-26495

Original Bulletin:
   http://www.debian.org/security/2022/dsa-5100

Comment: CVSS (Max):  9.8 CVE-2022-26496 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-5100-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 12, 2022                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : nbd
CVE ID         : CVE-2022-26495 CVE-2022-26496
Debian Bug     : 1003863 1006915

Two vulnerabilities were discovered in the server for the Network Block
Device (NBD), which could result in the execution of arbitrary code.

For the oldstable distribution (buster), these problems have been fixed
in version 1:3.19-3+deb10u1.

For the stable distribution (bullseye), these problems have been fixed in
version 1:3.21-1+deb11u1.

We recommend that you upgrade your nbd packages.

For the detailed security status of nbd please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/nbd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.