An update that fixes two vulnerabilities is now available.
Description:
This update for nbd fixes the following issues:
Update to version 3.24 (bsc#1196827, bsc#1196828, CVE-2022-26495,
CVE-2022-26496):
* https://github.com/advisories/GHSA-q9rw-8758-hccj
Update to version 3.23:
* Don’t overwrite the hostname with the TLS hostname
Update to version 3.22:
- nbd-server: handle auth for v6-mapped IPv4 addresses
- nbd-client.c: parse the next option in all cases
- configure.ac: silence a few autoconf 2.71 warnings
- spec: Relax NBD_OPT_LIST_META_CONTEXTS
- client: Don’t confuse Unix socket with TLS hostname
- server: Avoid deprecated g_memdup
Update to version 3.21:
- Fix --disable-manpages build
- Fix a bug in whitespace handling regarding authorization files
- Support client-side marking of devices as read-only
- Support preinitialized NBD connection (i.e., skip the negotiation).
- Fix the systemd unit file for nbd-client so it works with netlink (the
more common situation nowadays)
Update to 3.20.0 (no changelog)
Update to version 3.19.0:
* Better error messages in case of unexpected disconnects
* Better compatibility with non-bash sh implementations (for
configure.sh)
* Fix for a segfault in NBD_OPT_INFO handling
* The ability to specify whether to listen on both TCP and Unix domain
sockets, rather than to always do so
* Various minor editorial and spelling fixes in the documentation.
Update to version 1.18.0:
* Client: Add the “-g” option to avoid even trying the NBD_OPT_GO message
* Server: fixes to inetd mode
* Don’t make gnutls and libnl automagic.
* Server: bugfixes in handling of some export names during verification.
* Server: clean supplementary groups when changing user.
* Client: when using the netlink protocol, only set a timeout when there
actually is a timeout, rather than defaulting to 0 seconds
* Improve documentation on the nbdtab file
* Minor improvements to some error messages
* Improvements to test suite so it works better on non-GNU userland
environments
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1276=1
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1276=1