{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for nbd","title":"Title of the patch"},{"category":"description","text":"This update for nbd fixes the following issues:\n\n- CVE-2022-26495: Fixed an integer overflow with a resultant heap-based buffer overflow (bsc#1196827).\n- CVE-2022-26496: Fixed a stack-based buffer overflow when parsing the name field by sending a crafted NBD_OPT_INFO (bsc#1196828). \n\n\nUpdate to version 3.24 (bsc#1196827, bsc#1196828, CVE-2022-26495, CVE-2022-26496):\n  * https://github.com/advisories/GHSA-q9rw-8758-hccj\n\nUpdate to version 3.23:\n  * Don't overwrite the hostname with the TLS hostname\n\nUpdate to version 3.22:\n  - nbd-server: handle auth for v6-mapped IPv4 addresses \n  - nbd-client.c: parse the next option in all cases\n  - configure.ac: silence a few autoconf 2.71 warnings\n  - spec: Relax NBD_OPT_LIST_META_CONTEXTS \n  - client: Don't confuse Unix socket with TLS hostname\n  - server: Avoid deprecated g_memdup\n\nUpdate to version 3.21:\n  - Fix --disable-manpages build\n  - Fix a bug in whitespace handling regarding authorization files\n  - Support client-side marking of devices as read-only\n  - Support preinitialized NBD connection (i.e., skip the negotiation).\n  - Fix the systemd unit file for nbd-client so it works with netlink (the\n    more common situation nowadays)\n\nUpdate to 3.20.0 (no changelog)\n\nUpdate to version 3.19.0:\n  * Better error messages in case of unexpected disconnects\n  * Better compatibility with non-bash sh implementations\n    (for configure.sh)\n  * Fix for a segfault in NBD_OPT_INFO handling\n  * The ability to specify whether to listen on both TCP and Unix\n    domain sockets, rather than to always do so\n  * Various minor editorial and spelling fixes in the documentation.\n\nUpdate to version 1.18.0:\n  * Client: Add the '-g' option to avoid even trying the NBD_OPT_GO\n    message\n  * Server: fixes to inetd mode\n  * Don't make gnutls and libnl automagic.\n  * Server: bugfixes in handling of some export names during verification.\n  * Server: clean supplementary groups when changing user.\n  * Client: when using the netlink protocol, only set a timeout\n    when there actually is a timeout, rather than defaulting to 0\n    seconds\n  * Improve documentation on the nbdtab file\n  * Minor improvements to some error messages\n  * Improvements to test suite so it works better on non-GNU\n    userland environments\n\n- Update to version 1.17.0:\n  * proto: add xNBD command NBD_CMD_CACHE to the spec\n  * server: do not crash when handling child name\n  * server: Close socket pair when fork fails\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2022-1276,openSUSE-SLE-15.3-2022-1276,openSUSE-SLE-15.4-2022-1276","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1276-1.json"},{"category":"self","summary":"URL for SUSE-SU-2022:1276-1","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20221276-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2022:1276-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2022-April/010767.html"},{"category":"self","summary":"SUSE Bug 1196827","url":"https://bugzilla.suse.com/1196827"},{"category":"self","summary":"SUSE Bug 1196828","url":"https://bugzilla.suse.com/1196828"},{"category":"self","summary":"SUSE CVE CVE-2022-26495 page","url":"https://www.suse.com/security/cve/CVE-2022-26495/"},{"category":"self","summary":"SUSE CVE CVE-2022-26496 page","url":"https://www.suse.com/security/cve/CVE-2022-26496/"}],"title":"Security update for nbd","tracking":{"current_release_date":"2022-04-20T07:17:17Z","generator":{"date":"2022-04-20T07:17:17Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2022:1276-1","initial_release_date":"2022-04-20T07:17:17Z","revision_history":[{"date":"2022-04-20T07:17:17Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"nbd-3.24-150000.3.3.1.aarch64","product":{"name":"nbd-3.24-150000.3.3.1.aarch64","product_id":"nbd-3.24-150000.3.3.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"nbd-3.24-150000.3.3.1.i586","product":{"name":"nbd-3.24-150000.3.3.1.i586","product_id":"nbd-3.24-150000.3.3.1.i586"}}],"category":"architecture","name":"i586"},{"branches":[{"category":"product_version","name":"nbd-3.24-150000.3.3.1.ppc64le","product":{"name":"nbd-3.24-150000.3.3.1.ppc64le","product_id":"nbd-3.24-150000.3.3.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"nbd-3.24-150000.3.3.1.s390x","product":{"name":"nbd-3.24-150000.3.3.1.s390x","product_id":"nbd-3.24-150000.3.3.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"nbd-3.24-150000.3.3.1.x86_64","product":{"name":"nbd-3.24-150000.3.3.1.x86_64","product_id":"nbd-3.24-150000.3.3.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.3","product":{"name":"openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.3"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"nbd-3.24-150000.3.3.1.aarch64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64"},"product_reference":"nbd-3.24-150000.3.3.1.aarch64","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"nbd-3.24-150000.3.3.1.ppc64le as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le"},"product_reference":"nbd-3.24-150000.3.3.1.ppc64le","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"nbd-3.24-150000.3.3.1.s390x as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x"},"product_reference":"nbd-3.24-150000.3.3.1.s390x","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"nbd-3.24-150000.3.3.1.x86_64 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"},"product_reference":"nbd-3.24-150000.3.3.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.3"}]},"vulnerabilities":[{"cve":"CVE-2022-26495","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-26495"}],"notes":[{"category":"general","text":"In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2022-26495","url":"https://www.suse.com/security/cve/CVE-2022-26495"},{"category":"external","summary":"SUSE Bug 1196827 for CVE-2022-26495","url":"https://bugzilla.suse.com/1196827"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2022-04-20T07:17:17Z","details":"important"}],"title":"CVE-2022-26495"},{"cve":"CVE-2022-26496","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-26496"}],"notes":[{"category":"general","text":"In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2022-26496","url":"https://www.suse.com/security/cve/CVE-2022-26496"},{"category":"external","summary":"SUSE Bug 1196828 for CVE-2022-26496","url":"https://bugzilla.suse.com/1196828"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.aarch64","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.ppc64le","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.s390x","openSUSE Leap 15.3:nbd-3.24-150000.3.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2022-04-20T07:17:17Z","details":"important"}],"title":"CVE-2022-26496"}]}