Advisories » MGASA-2024-0174

Updated libnbd packages fix security vulnerability

Publication date: 10 May 2024
Modification date: 10 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-5215

Description

A flaw was found in libnbd. A server can reply with a block size larger
than 2^63 (the NBD spec states the size is a 64-bit unsigned value).
This issue could lead to an application crash or other unintended
behavior for NBD clients that doesn't treat the return value of the
nbd_get_size() function correctly. (CVE-2023-5215)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33164
• https://lwn.net/Articles/971701/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5215

SRPMS

9/core

• libnbd-1.15.8-3.1.mga9