stable
FEDORA-2019-ee52ef0cdc created by rjones 2 years ago for Fedora 29

New upstream version 1.12.7. Fixes Denial of Service / Amplification Attack: https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2019-ee52ef0cdc

This update has been submitted for testing by rjones.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago
ericb commented & provided feedback 2 years ago

Our CVE fix to prevent traffic amplification introduced a regression - another CVE of DoS for a client that requests NBD_OPT_INFO before NBD_OPT_GO:

    nbdkit: null[1]: debug: newstyle negotiation: NBD_OPT_INFO: ignoring NBD_INFO_* request 3 (unknown)
    nbdkit: null[1]: debug: newstyle negotiation: NBD_OPT_GO: client requested export '' (ignored)
    nbdkit: plugins.c:259: plugin_open: Assertion `connection_get_handle (conn, 0) == NULL' failed.
    qemu-io: can't open device nbd://localhost: Failed to read option reply: Unexpected end-of-file before all bytes were read
    [1]+ Aborted (core dumped) nbdkit -rfv null

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 years ago

This update can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by rjones.

2 years ago

This update has been pushed to stable.

2 years ago


Metadata
Type: security
Severity: low
Karma: -1
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Dates
submitted: 2 years ago
in testing: 2 years ago
in stable: 2 years ago
