SUSE released a critical nbdkit security update (v1.40.6) patching CVE-2025-47711 (off-by-one DoS) and CVE-2025-47712 (integer overflow). Learn how to protect your Linux servers, understand CVSS 7.1/6.5 risks, and apply patches via YaST or zypper.
SUSE Linux Enterprise Server Users Must Apply This Moderate-Rated Fix
Why This Update Matters for Enterprise Security
The latest nbdkit (Network Block Device toolkit) update addresses two high-risk vulnerabilities affecting SUSE Linux Enterprise Server 15 SP7, Real Time, and SAP deployments. With CVSS scores up to 7.1, these flaws could enable denial-of-service (DoS) attacks via malicious block status requests.
Key Vulnerabilities Patched
CVE-2025-47712: Integer overflow in the blocksize filter
- Threat: A client request larger than 2³² overflows a counter in the blocksize filter and triggers an assertion failure.
- CVSS 4.0: 7.1 (SUSE) | CVSS 3.1: 6.5 (SUSE), 4.3 (NVD)
- Impact: The nbdkit server process crashes, disrupting critical storage operations.

CVE-2025-47711: Off-by-one error in block status handling
- Threat: Off-by-one error when processing block status results returned by plugins.
- CVSS 4.0: 5.3 (SUSE) | CVSS 3.1: 6.5 (SUSE), 4.3 (NVD)
- Impact: Plugin-level instability leading to service degradation.
How to Apply the Patch
Recommended Methods
YaST Online Update: Automated patching for enterprise environments.
Command Line:

```
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-1888=1
```
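After patching, a host should carry nbdkit 1.40.6 or later. The following script is an added example, not part of the SUSE advisory; it compares every installed nbdkit package against the fixed version and prints the zypper command from this advisory for any package that is still behind. It assumes rpm is available (a SLE host) and GNU sort -V for version ordering.

```shell
#!/bin/sh
# Added example: verify the nbdkit fix is installed on a SLE 15 SP7 host.
# Not part of the SUSE advisory; assumes rpm and GNU sort are present.

FIXED_VERSION="1.40.6"   # release carrying the CVE-2025-47711/47712 fixes (from the advisory)
PATCH_ID="SUSE-SLE-Module-Server-Applications-15-SP7-2025-1888"  # patch id from the advisory

# version_ge A B -> exit 0 when version A >= version B (natural version order)
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
}

# nbdkit_is_fixed VERSION -> exit 0 when VERSION already contains the fix
nbdkit_is_fixed() {
    version_ge "$1" "$FIXED_VERSION"
}

# Inspect every installed nbdkit* package; exit 1 if any is still vulnerable.
check_installed_nbdkit() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not found; cannot inspect installed packages" >&2
        return 2
    fi
    pkgs=$(rpm -qa --qf '%{NAME} %{VERSION}\n' 'nbdkit*' 2>/dev/null)
    if [ -z "$pkgs" ]; then
        echo "no nbdkit packages installed; nothing to do"
        return 0
    fi
    rc=0
    # here-document instead of a pipe so rc survives the loop (no subshell)
    while read -r name ver; do
        if nbdkit_is_fixed "$ver"; then
            echo "OK   $name $ver"
        else
            echo "FIX  $name $ver (< $FIXED_VERSION): zypper in -t patch $PATCH_ID=1"
            rc=1
        fi
    done <<EOF
$pkgs
EOF
    return $rc
}
```

Source the file and run `check_installed_nbdkit`; a non-zero exit status means at least one nbdkit package on the host predates the fix.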
Affected Packages
| Architecture | Key Packages Updated |
|---|---|
| x86_64 | nbdkit-server, nbdkit-vddk-plugin, nbdkit-curl-plugin |
| aarch64 | nbdkit-basic-filters, nbdkit-python-plugin-debuginfo |
Technical Deep Dive: Fixes & Improvements
Beyond security patches, nbdkit 1.40.6 includes:
- Performance: VDDK plugin now caches disk size and avoids partial chunk reads.
- Compatibility:
  - Golang support for GCC 15.
  - Tcl 9.0 and OCaml threading fixes.
- Code Quality: Rust plugin optimizations (CStr literals, explicit API declarations).
FAQs: nbdkit Security Update
Q: Is this update urgent for cloud deployments?
A: Yes—public-facing NBD services are especially vulnerable to DoS exploits.
Q: Are containers affected?
A: Only if they directly use nbdkit’s blocksize filter or VDDK plugin.
Q: How does CVSS 4.0 differ from 3.1 ratings?
A: CVSS 4.0 adds granularity in attack vector scoring (e.g., "Attack Timing" metrics).