Wouter Verhelst uploaded new packages for nbd which fixed the following security problems: CVE-2015-0847 Tuomas Räsänen discovered that nbd-server unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service. CVE-2013-7441 Tuomas Räsänen discovered that the modern-style negotiation was carried out in the main process before forking the actual client handler. This could allow a remote attacker to cause a denial of service (crash) by querying a non-existent export. For the squeeze-backports distribution,the problems have been fixed in version 1:3.2-4~deb7u5~bpo60+1. The wheezy-backports and jessie-backports suites do not contain nbd packages, and therefore are not vulnerable (but see DSA-3271-1).
Attachment:
signature.asc
Description: Digital signature