-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5100-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 12, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nbd CVE ID : CVE-2022-26495 CVE-2022-26496 Debian Bug : 1003863 1006915 Two vulnerabilities were discovered in the server for the Network Block Device (NBD), which could result in the execution of arbitrary code. For the oldstable distribution (buster), these problems have been fixed in version 1:3.19-3+deb10u1. For the stable distribution (bullseye), these problems have been fixed in version 1:3.21-1+deb11u1. We recommend that you upgrade your nbd packages. For the detailed security status of nbd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nbd Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmIsw1YACgkQEMKTtsN8 TjY8EQ//doPYe1GfwDQToibTBSS29D4T2nMX9NXLRgDEC6Vpg2NjlWqcL+B7os3c wGPfIrZXjGN+CqwQdFNAWoSd1IyNIS5KrR4vK50PvQhpefa6ZVv4D2yiG/J0tIK2 T77Hp4CuGrjK2Ej5dGh4TnbLPVhGT2KV6kG1wnqfHe+M+gIVAe4sRm3OSArDGAfu 1wCPS8k+UbqPiRU4fHE1bxW6E9SoePCDUYGS8rbOImsRaEq5ZfDMRLBeDEBm8X7B c3OaZDpYgLA4CdYjqz/WmlIE5pzKIfbJhnzA6EhAYxlP4r+L2gzEWXFkMNyJKmMd aoYTD6RjKYhcGSysq4VsPAEVCo6n3/7ivAlv/b1YuH5RfTXPXuDSlKJwjXMtjPS7 V1U0G3ufP9wOgLY4JFIInNBAmCRcxza8P6sqzCiQznnKwB85nZRXAtz3Jd5R9pb+ 0suLb+Qb/LyferCQEy/tl98A9qqJeyyNXidsQb7XNK2o7K1uMRq3TnI4AFIaBQSM oEJnFXTfyiLPfqNTjImIz9R6/yX66HyJ/Z7dSRINj9UhKufe0rR0+VzIMTg9zDi8 UmKfjgX7UYOKhxmgvGLKN0iUt56A6QAVNWAkdB7rkHyRVaQLsNJz5jaZx6peEgY4 9C6XSg42QgmW25hrVCZbwUzwJ13cb/vNxoDBbeHU6lctJUELPqk= =Z+vM -----END PGP SIGNATURE-----