From: Eric Blake <eblake@redhat.com>
To: qemu-devel@nongnu.org
Subject: [PULL 0/5] NBD: fix CVE-2024-7409 for 9.1
Date: Thu, 8 Aug 2024 16:53:38 -0500 [thread overview]
Message-ID: <20240808215529.1065336-7-eblake@redhat.com> (raw)
The following changes since commit 75c7f574035622798e9361a942bdfbb0af930f0e:
Merge tag 'pull-hex-20240807' of https://github.com/quic/qemu into staging (2024-08-08 16:08:18 +1000)
are available in the Git repository at:
https://repo.or.cz/qemu/ericb.git tags/pull-nbd-2024-08-08
for you to fetch changes up to 3e7ef738c8462c45043a1d39f702a0990406a3b3:
nbd/server: CVE-2024-7409: Close stray clients at server-stop (2024-08-08 16:34:04 -0500)
----------------------------------------------------------------
NBD patches for 2024-08-08
- plug CVE-2024-7409, a DoS attack exploiting nbd-server-stop
----------------------------------------------------------------
Eric Blake (5):
nbd: Minor style and typo fixes
nbd/server: Plumb in new args to nbd_client_add()
nbd/server: CVE-2024-7409: Cap default max-connections to 100
nbd/server: CVE-2024-7409: Drop non-negotiating clients
nbd/server: CVE-2024-7409: Close stray clients at server-stop
qapi/block-export.json | 4 ++--
include/block/nbd.h | 18 +++++++++++++++-
block/monitor/block-hmp-cmds.c | 3 ++-
blockdev-nbd.c | 47 +++++++++++++++++++++++++++++++++++++++--
nbd/server.c | 48 ++++++++++++++++++++++++++++++++++++++----
qemu-nbd.c | 7 ++++--
nbd/trace-events | 1 +
7 files changed, 116 insertions(+), 12 deletions(-)
--
2.46.0
next reply other threads:[~2024-08-08 21:56 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-08 21:53 Eric Blake [this message]
2024-08-08 21:53 ` [PULL 1/5] nbd: Minor style and typo fixes Eric Blake
2024-08-08 21:53 ` [PULL 2/5] nbd/server: Plumb in new args to nbd_client_add() Eric Blake
2024-08-08 21:53 ` [PULL 3/5] nbd/server: CVE-2024-7409: Cap default max-connections to 100 Eric Blake
2024-08-08 21:53 ` [PULL 4/5] nbd/server: CVE-2024-7409: Drop non-negotiating clients Eric Blake
2024-08-08 21:53 ` [PULL 5/5] nbd/server: CVE-2024-7409: Close stray clients at server-stop Eric Blake
2024-08-11 8:02 ` Michael Tokarev
2024-08-12 14:44 ` Eric Blake
2024-08-13 6:30 ` Michael Tokarev
2024-08-10 11:39 ` [PULL 0/5] NBD: fix CVE-2024-7409 for 9.1 Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240808215529.1065336-7-eblake@redhat.com \
--to=eblake@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).