[Bug 931987] New: VUL-0: CVE-2013-7441: nbd: NBD server terminates on SIGPIPE during negotiation
http://bugzilla.suse.com/show_bug.cgi?id=931987 Bug ID: 931987 Summary: VUL-0: CVE-2013-7441: nbd: NBD server terminates on SIGPIPE during negotiation Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: ms@suse.com Reporter: abergmann@suse.com QA Contact: qa-bugs@suse.de Found By: Security Response Team Blocker: --- rh#1224074 / CVE-2013-7441 -------------------------------------------- A denial of service flaw was found in nbd: "The listener/root server process terminates on SIGPIPE during negotiation. This is hardly the desired behavior, since any malfunctioning client can brought the listener server down by closing the socket unexpectedly." Additional information: http://sourceforge.net/p/nbd/mailman/message/30410146/ Upstream patch: https://github.com/yoe/nbd/commit/741495cb08503fd32a9d22648e63b64390c601f4 -------------------------------------------- References: https://bugzilla.redhat.com/show_bug.cgi?id=1224074 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7441 http://seclists.org/oss-sec/2015/q2/516 http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7441.html -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=931987 Marcus Schaefer <ms@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|ms@suse.com |mpluskal@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=931987 Martin Pluskal <mpluskal@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #2 from Martin Pluskal <mpluskal@suse.com> --- Created http://bugzilla.suse.com/show_bug.cgi?id=930173 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=931987 Martin Pluskal <mpluskal@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Comment #1 is|1 |0 private| | --- Comment #3 from Martin Pluskal <mpluskal@suse.com> --- I meant https://build.opensuse.org/request/show/308367 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=931987 --- Comment #4 from Martin Pluskal <mpluskal@suse.com> --- *** Bug 930173 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=931987 Martin Pluskal <mpluskal@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #5 from Martin Pluskal <mpluskal@suse.com> --- Hopefully I will no become real maintainer - https://build.opensuse.org/request/show/308370 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=931987 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com, | |security-team@suse.de -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com