File _patchinfo of Package patchinfo.38731
<patchinfo incident="38731">
<issue tracker="cve" id="2025-47712"/>
<issue tracker="cve" id="2025-47711"/>
<issue tracker="bnc" id="1243110">VUL-0: CVE-2025-47711: nbd,nbdkit: off-by-one error when processing block status may lead to a Denial of Service</issue>
<issue tracker="bnc" id="1243108">VUL-0: CVE-2025-47712: nbd,nbdkit: integer overflow triggers an assertion resulting in Denial of Service</issue>
<packager>jfehlig</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for nbdkit</summary>
<description>This update for nbdkit fixes the following issues:
Update to version 1.36.5.
Security fixes:
- CVE-2025-47712: integer overflow in blocksize filter when processing client block status requests larger than 2**32
will trigger an assertion failure and cause a denial of service (bsc#1243108).
- CVE-2025-47711: off-by-one error when processing block status results from plugins on behalf of an NBD client may
trigger an assertion failure and cause a denial of service (bsc#1243110).
Other fixes and changes:
- tests: Add test-blkio.sh to unconditional EXTRA_DIST rule.
- Revert "valgrind: Add suppression for liblzma bug".
- vddk: Move "Unknown error" information to the manual.
- ocaml: Add better comments to the example plugin.
- ocaml: Simplify pread operation.
- ocaml: Define a struct handle to hold the OCaml handle.
- ocaml: Add OCaml version to --dump-plugin output.
- ocaml: Print callback name when an exception is printed.
- ocaml: Combine all exception printing into a single macro.
</description>
</patchinfo>