[Full-disclosure] [SECURITY] [DSA 2183-1] nbd security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2183-1                  security@xxxxxxxxxx
http://www.debian.org/security/                        Raphael Geissert
March 04, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nbd
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0530

A regression of a buffer overflow (CVE-2005-3534) was discovered in nbd,
the Network Block Device server, that could allow arbitrary code execution
on the NBD server via a large request.


For the oldstable distribution (lenny), this problem has been fixed in
version 1:2.9.11-3lenny1.

The stable distribution (squeeze), the testing distribution (wheezy),
and the unstable distribution (sid) are not affected. This problem was
fixed prior to the release of squeeze in version 1:2.9.16-8.


We recommend that you upgrade your nbd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk1xzt8ACgkQYy49rUbZzloz7QCfYb9WdxP3yuf4q7CaISRTAI8+
o20An2TXgeKYsNLscExlPr+lXpTGUSob
=UTOV
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/