New upstream version 1.12.7.
Fixes Denial of Service / Amplification Attack:
sudo dnf upgrade --refresh --advisory=FEDORA-2019-ee52ef0cdc
This update has been submitted for testing by rjones.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
Our CVE fix to prevent traffic amplification introduced a regression - another CVE of DoS for a client that requests NBD_OPT_INFO before NBD_OPT_GO:
nbdkit: null: debug: newstyle negotiation: NBD_OPT_INFO: ignoring NBD_INFO_* request 3 (unknown)
nbdkit: null: debug: newstyle negotiation: NBD_OPT_GO: client requested export '' (ignored)
nbdkit: plugins.c:259: plugin_open: Assertion `connection_get_handle (conn, 0) == NULL' failed.
qemu-io: can't open device nbd://localhost: Failed to read option reply: Unexpected end-of-file before all bytes were read
+ Aborted (core dumped) nbdkit -rfv null
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by rjones.
This update has been pushed to stable.