nbd: Multiple vulnerabilities — GLSA 201206-35

Multiple vulnerabilities were found in nbd, which could lead to remote execution of arbitrary code.

Affected packages

sys-block/nbd on all architectures
Affected versions < 2.9.22
Unaffected versions >= 2.9.22

Background

nbd is a userland client/server for kernel network block device.

Description

Multiple vulnerabilities have been discovered in nbd. Please review the CVE identifiers referenced below for details.

Impact

nbd allows remote attackers to cause a denial of service (NULL pointer dereference and crash) or the execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All nbd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-block/nbd-2.9.22"
 

References

Release date
June 25, 2012

Latest revision
June 25, 2012: 1

Severity
high

Exploitable
remote

Bugzilla entries