docs/nbdkit-security.pod

   1 =head1 NAME
   2
   3 nbdkit-security - information about past security issues in nbdkit
   4
   5 =head1 DESCRIPTION
   6
   7 This page details past security issues found in nbdkit.
   8
   9 For how to report new security issues, see the C<SECURITY> file in the
  10 top level source directory, also available online here:
  11 L<https://gitlab.com/nbdkit/nbdkit/blob/master/SECURITY>
  12
  13 =head2 CVE-2019-14850
  14 denial of service due to premature opening of back-end connection
  15
  16 See the full announcement and links to mitigation, tests and fixes
  17 here:
  18 https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html
  19
  20 =head2 CVE-2019-14851
  21 assertion failure by issuing commands in the wrong order
  22
  23 This CVE was caused by the fix to the previous issue.
  24
  25 See the full announcement and links to mitigation, tests and fixes
  26 here:
  27 https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html
  28
  29 =head2 CVE-2021-3716
  30 structured read denial of service attack against starttls
  31
  32 See the full announcement and links to mitigation, tests and fixes
  33 here:
  34 https://www.redhat.com/archives/libguestfs/2021-August/msg00083.html
  35
  36 =head1 SEE ALSO
  37
  38 L<nbdkit(1)>.
  39
  40 =head1 AUTHORS
  41
  42 Eric Blake
  43
  44 Richard W.M. Jones
  45
  46 =head1 COPYRIGHT
  47
  48 Copyright Red Hat