Provided by: nbdkit_1.32.5-1ubuntu2_amd64 bug

NAME

       nbdkit-security - information about past security issues in nbdkit

DESCRIPTION

       This page details past security issues found in nbdkit.

       For how to report new security issues, see the "SECURITY" file in the top level source
       directory, also available online here:
       https://gitlab.com/nbdkit/nbdkit/blob/master/SECURITY

   CVE-2019-14850 denial of service due to premature opening of back-end connection
       See the full announcement and links to mitigation, tests and fixes here:
       https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html

   CVE-2019-14851 assertion failure by issuing commands in the wrong order
       This CVE was caused by the fix to the previous issue.

       See the full announcement and links to mitigation, tests and fixes here:
       https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html

   CVE-2021-3716 structured read denial of service attack against starttls
       See the full announcement and links to mitigation, tests and fixes here:
       https://www.redhat.com/archives/libguestfs/2021-August/msg00083.html

SEE ALSO

       nbdkit(1).

AUTHORS

       Eric Blake

       Richard W.M. Jones

COPYRIGHT

       Copyright (C) 2013-2021 Red Hat Inc.

LICENSE

       Redistribution and use in source and binary forms, with or without modification, are
       permitted provided that the following conditions are met:

       •   Redistributions of source code must retain the above copyright notice, this list of
           conditions and the following disclaimer.

       •   Redistributions in binary form must reproduce the above copyright notice, this list of
           conditions and the following disclaimer in the documentation and/or other materials
           provided with the distribution.

       •   Neither the name of Red Hat nor the names of its contributors may be used to endorse
           or promote products derived from this software without specific prior written
           permission.

       THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED
       WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
       FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS
       BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
       DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
       OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
       LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
       OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
       POSSIBILITY OF SUCH DAMAGE.