Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

security issues in nbd-server: CVE-2022-26495 CVE-2022-26496

Related Vulnerabilities: CVE-2022-26495   CVE-2022-26496  

Source

Debian Bug report logs - #1006915
security issues in nbd-server: CVE-2022-26495 CVE-2022-26496

version graph

Package: src:nbd; Maintainer for src:nbd is Wouter Verhelst <wouter@debian.org>;

Reported by: Wouter Verhelst <wouter@debian.org>

Date: Tue, 8 Mar 2022 08:09:01 UTC

Severity: serious

Tags: fixed-upstream, security, upstream

Found in versions nbd/1:3.23-3, nbd/1:3.15.2-3

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org:
Bug#1006915; Package src:nbd. (Tue, 08 Mar 2022 08:09:03 GMT) (full text, mbox, link).

Acknowledgement sent to Wouter Verhelst <wouter@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org. (Tue, 08 Mar 2022 08:09:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Wouter Verhelst <wouter@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: 2 security issues in nbd-server
Date: Tue, 08 Mar 2022 10:04:30 +0200
Source: nbd
Version: 1:3.23-3
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Two security issues exist in NBD: CVE-2022-26495 and CVE-2022-26496.

The former exists since a very long time; the latter only exists since
the introduction of NBD_OPT_INFO and NBD_OPT_GO in NBD 3.16.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, riscv64, armhf

Kernel: Linux 5.16.0-3-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8), LANGUAGE=nl_BE:nl
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 08 Mar 2022 09:51:02 GMT) (full text, mbox, link).

Changed Bug title to 'security issues in nbd-server: CVE-2022-26495 CVE-2022-26496' from '2 security issues in nbd-server'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 08 Mar 2022 09:51:02 GMT) (full text, mbox, link).

Marked as found in versions nbd/1:3.15.2-3. Request was from Wouter Verhelst <wouter@debian.org> to control@bugs.debian.org. (Tue, 08 Mar 2022 12:21:05 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Mar 8 13:09:36 2022; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started