Security update for nbd SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0994-1 Final 1 1 2015-05-26T12:16:33Z current 2015-05-26T12:16:33Z 2015-05-26T12:16:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nbd - Fix CVE-2013-7441 (boo#931987) * CVE-2013-7441.patch - Fix CVE-2015-0847 (boo#930173) * nbd_signaling_CVE-2015-0847.patch The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-06/msg00003.html E-Mail link for openSUSE-SU-2015:0994-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings nbd-3.3-2.3.1 nbd-doc-3.3-2.3.1 The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export. CVE-2013-7441 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-06/msg00003.html https://www.suse.com/security/cve/CVE-2013-7441.html CVE-2013-7441 https://bugzilla.suse.com/931987 SUSE Bug 931987 nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. CVE-2015-0847 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-06/msg00003.html https://www.suse.com/security/cve/CVE-2015-0847.html CVE-2015-0847 https://bugzilla.suse.com/930173 SUSE Bug 930173