Bugzilla – Bug 930173
VUL-0: CVE-2015-0847: nbd: incorrect signal handling DoD
Last modified: 2019-08-28 14:53:16 UTC
http://seclists.org/oss-sec/2015/q2/388 CVE-2015-0847 in nbd-server From: Florian Weimer <fw () deneb enyo de> Date: Thu, 07 May 2015 22:45:33 +0200 nbd-server uses signal handlers incorrectly, which leads to a denial of service vulnerability. We have assigned CVE-2015-0847 to this vulnerability. This was first reported to the Debian security team by Tuomas Räsänen, but we did not think this warranted an embargo. More details are available upstream: <http://sourceforge.net/p/nbd/mailman/message/34091218/>
bugbot adjusting priority
I'm not maintaining nbd. I jumped in to help when Kurt Garloff left the company but afaik Martin Pluskal took it over and cleaned it up greatly
While I am not maintainer of nbd, I created sr for factory (nbd-3.10), backporting patches for maint update of old nbd (nbd-3.3) seems to be beyond my capabilities.
Hi Tom, would you please help to have a look at this issue? Thank you!
This is an autogenerated message for OBS integration: This bug (930173) was mentioned in https://build.opensuse.org/request/show/308367 13.2+13.1 / nbd
Created https://build.opensuse.org/request/show/308367 and *** This bug has been marked as a duplicate of bug 931987 ***
This is an autogenerated message for OBS integration: This bug (930173) was mentioned in https://build.opensuse.org/request/show/308377 13.2+13.1 / nbd
I am clumsy on fridays, it is obviously different issue.
openSUSE-SU-2015:0994-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 930173,931987 CVE References: CVE-2013-7441,CVE-2015-0847 Sources used: openSUSE 13.2 (src): nbd-3.3-4.3.1 openSUSE 13.1 (src): nbd-3.3-2.3.1