Bug 930173 - (CVE-2015-0847) VUL-0: CVE-2015-0847: nbd: incorrect signal handling DoD
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Basesystem
Version: 13.2
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Thomas Abraham
QA Contact: E-mail List
Whiteboard: CVSSv2:NVD:CVE-2015-0847:7.8:(AV:N/AC...
Reported: 2015-05-08 08:14 UTC by Alexander Bergmann
Modified: 2019-08-28 14:53 UTC

Description Alexander Bergmann 2015-05-08 08:14:18 UTC
http://seclists.org/oss-sec/2015/q2/388

CVE-2015-0847 in nbd-server
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 07 May 2015 22:45:33 +0200

nbd-server uses signal handlers incorrectly, which leads to a denial
of service vulnerability.  We have assigned CVE-2015-0847 to this
vulnerability.

This was first reported to the Debian security team by Tuomas Räsänen,
but we did not think this warranted an embargo.

More details are available upstream:

<http://sourceforge.net/p/nbd/mailman/message/34091218/>

Comment 1 Swamp Workflow Management 2015-05-08 22:00:15 UTC
bugbot adjusting priority

Comment 2 Marcus Schaefer 2015-05-11 07:31:23 UTC
I'm not maintaining nbd. I jumped in to help when Kurt Garloff left the company, but afaik Martin Pluskal took it over and cleaned it up greatly.

Comment 3 Martin Pluskal 2015-05-11 08:29:17 UTC
While I am not the maintainer of nbd, I created an sr for factory (nbd-3.10); backporting patches for a maint update of the old nbd (nbd-3.3) seems to be beyond my capabilities.

Comment 4 Chenzi Cao 2015-05-11 09:02:39 UTC
Hi Tom, would you please help to have a look at this issue? Thank you!

Comment 5 Bernhard Wiedemann 2015-05-22 12:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (930173) was mentioned in
https://build.opensuse.org/request/show/308367 13.2+13.1 / nbd

Comment 6 Martin Pluskal 2015-05-22 12:02:46 UTC
Created https://build.opensuse.org/request/show/308367 and

*** This bug has been marked as a duplicate of bug 931987 ***

Comment 7 Bernhard Wiedemann 2015-05-22 13:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (930173) was mentioned in
https://build.opensuse.org/request/show/308377 13.2+13.1 / nbd

Comment 8 Martin Pluskal 2015-05-22 13:01:51 UTC
I am clumsy on Fridays; it is obviously a different issue.

Comment 9 Swamp Workflow Management 2015-06-03 15:06:24 UTC
openSUSE-SU-2015:0994-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 930173,931987
CVE References: CVE-2013-7441,CVE-2015-0847
Sources used:
openSUSE 13.2 (src):    nbd-3.3-4.3.1
openSUSE 13.1 (src):    nbd-3.3-2.3.1