Debian Security Advisory

DLA-223-1 nbd -- LTS security update

Date Reported:
17 May 2015
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 784657.
In Mitre's CVE dictionary: CVE-2015-0847.
More information:

A vulnerability has been discovered in nbd-server, the server for the Linux Network Block Device.

  • CVE-2015-0847

    Tuomas Räsänen discovered that unsafe signal handling is present in nbd-server. This vulnerability could be exploited by a remote client to cause a denial of service.

For the oldoldstable distribution (squeeze), these problems have been fixed in version 1:2.9.16-8+squeeze2.

For the oldstable, stable, and testing distributions, these problems will be fixed soon.

We recommend that you upgrade your nbd-server packages.