Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-223-1 nbd

Debian Security Advisory

DLA-223-1 nbd -- LTS security update

Date Reported:

17 May 2015

Affected Packages:

nbd

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 784657.
In Mitre's CVE dictionary: CVE-2015-0847.

More information:

A vulnerability has been discovered in nbd-server, the server for the Linux Network Block Device.

• CVE-2015-0847

  Tuomas Räsänen discovered that unsafe signal handling is present in nbd-server. This vulnerability could be exploited by a remote client to cause a denial of service.

For the oldoldstable distribution (squeeze), these problems have been fixed in version 1:2.9.16-8+squeeze2.

For the oldstable, stable, and testing distributions, these problems will be fixed soon.

We recommend that you upgrade your nbd-server packages.