Ubuntu
nbd package

CVE-2011-0530

Bug #718300 reported by Artur Rona
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nbd (Ubuntu)
Fix Released
Undecided
Artur Rona
Hardy
Fix Released
Medium
Marc Deslauriers
Karmic
Won't Fix
Medium
Marc Deslauriers
Lucid
Fix Released
Medium
Marc Deslauriers
Maverick
Fix Released
Medium
Marc Deslauriers
Natty
Fix Released
Undecided
Artur Rona

Bug Description

CVE-2011-0530 NBD: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version

Artur Rona (ari-tczew)
Changed in nbd (Ubuntu):
assignee: nobody → Artur Rona (ari-tczew)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nbd - 1:2.9.16-7.1ubuntu2

---------------
nbd (1:2.9.16-7.1ubuntu2) natty; urgency=low

  * SECURITY UPDATE: Fix reintroduced CVE-2005-3534. Cherry-pick from
    git upstream 3ef52043861ab16352d49af89e048ba6339d6df8 (LP: #718300)
    - CVE-2011-0530
 -- Artur Rona <email address hidden> Sun, 20 Feb 2011 19:03:16 +0100

Changed in nbd (Ubuntu Natty):
status: New → Fix Released
Marc Deslauriers (mdeslaur)
Changed in nbd (Ubuntu Hardy):
status: New → Confirmed
Changed in nbd (Ubuntu Karmic):
status: New → Confirmed
Changed in nbd (Ubuntu Lucid):
status: New → Confirmed
Changed in nbd (Ubuntu Maverick):
status: New → Confirmed
Changed in nbd (Ubuntu Hardy):
importance: Undecided → Medium
Changed in nbd (Ubuntu Lucid):
importance: Undecided → Medium
Changed in nbd (Ubuntu Karmic):
importance: Undecided → Medium
Changed in nbd (Ubuntu Hardy):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in nbd (Ubuntu Maverick):
importance: Undecided → Medium
Changed in nbd (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in nbd (Ubuntu Karmic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in nbd (Ubuntu Maverick):
assignee: nobody → Marc Deslauriers (mdeslaur)
Marc Deslauriers (mdeslaur)
Changed in nbd (Ubuntu Karmic):
status: Confirmed → Won't Fix
Revision history for this message
C de-Avillez (hggdh2) wrote :

Hardy, Lucid, and Maverick verified, for both i386 and AMD64 server. No visible regressions found.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nbd - 1:2.9.9-1ubuntu1.1

---------------
nbd (1:2.9.9-1ubuntu1.1) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via long request (LP: #718300)
    - nbd-server.c: fix buffer size checking.
    - https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8
    - CVE-2011-0530
 -- Marc Deslauriers <email address hidden> Wed, 20 Apr 2011 10:08:22 -0400

Changed in nbd (Ubuntu Hardy):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nbd - 1:2.9.14-2ubuntu1.10.04.1

---------------
nbd (1:2.9.14-2ubuntu1.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via long request (LP: #718300)
    - nbd-server.c: fix buffer size checking.
    - https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8
    - CVE-2011-0530
 -- Marc Deslauriers <email address hidden> Wed, 20 Apr 2011 10:06:10 -0400

Changed in nbd (Ubuntu Lucid):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nbd - 1:2.9.14-2ubuntu1.10.10.1

---------------
nbd (1:2.9.14-2ubuntu1.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via long request (LP: #718300)
    - nbd-server.c: fix buffer size checking.
    - https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8
    - CVE-2011-0530
 -- Marc Deslauriers <email address hidden> Wed, 20 Apr 2011 09:56:27 -0400

Changed in nbd (Ubuntu Maverick):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.