An update for nbdkit is now available for openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1781 Final 1.0 1.0 2025-07-11 Initial 2025-07-11 2025-07-11 openEuler SA Tool V1.0 2025-07-11 nbdkit security update An update for nbdkit is now available for openEuler-24.03-LTS-SP2 NBD (Network Block Device) is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. nbdkit is a toolkit for creating NBD servers. The key features are: * Multithreaded NBD server written in C with good performance. * Minimal dependencies for the basic server. * Liberal license (BSD) allows nbdkit to be linked to proprietary libraries or included in proprietary code. * Well-documented, simple plugin API with a stable ABI guarantee. Lets you export “unconventional” block devices easily. * You can write plugins in C, Lua, Perl, Python, OCaml, Ruby, Rust, shell script or Tcl. * Filters can be stacked in front of plugins to transform the output. Security Fix(es): There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.(CVE-2025-47711) A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.(CVE-2025-47712) An update for nbdkit is now available for master/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium nbdkit https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1781 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-47711 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-47712 https://nvd.nist.gov/vuln/detail/CVE-2025-47711 https://nvd.nist.gov/vuln/detail/CVE-2025-47712 openEuler-24.03-LTS-SP2 nbdkit-bash-completion-1.32.6-2.oe2403sp2.noarch.rpm nbdkit-help-1.32.6-2.oe2403sp2.noarch.rpm nbdkit-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-basic-filters-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-basic-plugins-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-debuginfo-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-debugsource-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-devel-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-guestfs-plugin-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-libvirt-plugin-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-ocaml-plugin-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-ocaml-plugin-devel-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-perl-plugin-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-plugins-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-python3-plugin-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-server-1.32.6-2.oe2403sp2.aarch64.rpm nbdkit-1.32.6-2.oe2403sp2.src.rpm nbdkit-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-basic-filters-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-basic-plugins-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-debuginfo-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-debugsource-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-devel-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-guestfs-plugin-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-libvirt-plugin-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-ocaml-plugin-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-ocaml-plugin-devel-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-perl-plugin-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-plugins-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-python3-plugin-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-server-1.32.6-2.oe2403sp2.x86_64.rpm nbdkit-vddk-plugin-1.32.6-2.oe2403sp2.x86_64.rpm There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service. 2025-07-11 CVE-2025-47711 openEuler-24.03-LTS-SP2 Medium 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L nbdkit security update 2025-07-11 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1781 A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service. 2025-07-11 CVE-2025-47712 openEuler-24.03-LTS-SP2 Medium 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L nbdkit security update 2025-07-11 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1781