Ubuntu

CVE-2011-0530

Reported by Artur Rona on 2011-02-13
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nbd (Ubuntu)
Undecided
Artur Rona
Hardy
Medium
Marc Deslauriers
Karmic
Medium
Marc Deslauriers
Lucid
Medium
Marc Deslauriers
Maverick
Medium
Marc Deslauriers
Natty
Undecided
Artur Rona

Bug Description

CVE-2011-0530 NBD: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version

Artur Rona (ari-tczew) on 2011-02-13
Changed in nbd (Ubuntu):
assignee: nobody → Artur Rona (ari-tczew)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nbd - 1:2.9.16-7.1ubuntu2

---------------
nbd (1:2.9.16-7.1ubuntu2) natty; urgency=low

  * SECURITY UPDATE: Fix reintroduced CVE-2005-3534. Cherry-pick from
    git upstream 3ef52043861ab16352d49af89e048ba6339d6df8 (LP: #718300)
    - CVE-2011-0530
 -- Artur Rona <email address hidden> Sun, 20 Feb 2011 19:03:16 +0100

Changed in nbd (Ubuntu Natty):
status: New → Fix Released
Changed in nbd (Ubuntu Hardy):
status: New → Confirmed
Changed in nbd (Ubuntu Karmic):
status: New → Confirmed
Changed in nbd (Ubuntu Lucid):
status: New → Confirmed
Changed in nbd (Ubuntu Maverick):
status: New → Confirmed
Changed in nbd (Ubuntu Hardy):
importance: Undecided → Medium
Changed in nbd (Ubuntu Lucid):
importance: Undecided → Medium
Changed in nbd (Ubuntu Karmic):
importance: Undecided → Medium
Changed in nbd (Ubuntu Hardy):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in nbd (Ubuntu Maverick):
importance: Undecided → Medium
Changed in nbd (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in nbd (Ubuntu Karmic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in nbd (Ubuntu Maverick):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in nbd (Ubuntu Karmic):
status: Confirmed → Won't Fix
C de-Avillez (hggdh2) wrote :

Hardy, Lucid, and Maverick verified, for both i386 and AMD64 server. No visible regressions found.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nbd - 1:2.9.9-1ubuntu1.1

---------------
nbd (1:2.9.9-1ubuntu1.1) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via long request (LP: #718300)
    - nbd-server.c: fix buffer size checking.
    - https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8
    - CVE-2011-0530
 -- Marc Deslauriers <email address hidden> Wed, 20 Apr 2011 10:08:22 -0400

Changed in nbd (Ubuntu Hardy):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nbd - 1:2.9.14-2ubuntu1.10.04.1

---------------
nbd (1:2.9.14-2ubuntu1.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via long request (LP: #718300)
    - nbd-server.c: fix buffer size checking.
    - https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8
    - CVE-2011-0530
 -- Marc Deslauriers <email address hidden> Wed, 20 Apr 2011 10:06:10 -0400

Changed in nbd (Ubuntu Lucid):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nbd - 1:2.9.14-2ubuntu1.10.10.1

---------------
nbd (1:2.9.14-2ubuntu1.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via long request (LP: #718300)
    - nbd-server.c: fix buffer size checking.
    - https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8
    - CVE-2011-0530
 -- Marc Deslauriers <email address hidden> Wed, 20 Apr 2011 09:56:27 -0400

Changed in nbd (Ubuntu Maverick):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers