-------------------------------------------------------------------------
Debian LTS Advisory DLA-4114-1                          [email protected]
https://www.debian.org/lts/security/                      Daniel Leidert
April 05, 2025                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : zfs-linux
Version        : 2.0.3-9+deb11u2
CVE ID         : CVE-2013-20001 CVE-2023-49298
Debian Bug     : 1056752 1059322

Multiple vulnerabilities were found in zfs-linux, the OpenZFS filesystem
for Linux.

CVE-2013-20001

    When an NFS share is exported to IPv6 addresses via the sharenfs
    feature, there is a silent failure to parse the IPv6 address data,
    and access is allowed to everyone. IPv6 restrictions from the
    configuration are not applied.

    With the fix, recognize when the host part of a sharenfs attribute
    is an IPv6 literal, and pass that through without modification.

CVE-2023-49298

    Check dnode and its data for dirtiness to prevent applications from
    inadvertently replacing file contents with zero-valued bytes and
    thus potentially disabling security mechanisms.

For Debian 11 bullseye, these problems have been fixed in version
2.0.3-9+deb11u2.

We recommend that you upgrade your zfs-linux packages.

For the detailed security status of zfs-linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/zfs-linux

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
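To find the datasets whose exports depended on the IPv6 restrictions described under CVE-2013-20001, the following added example (not part of the advisory or of OpenZFS) scans the output of `zfs get -H -o name,value sharenfs` for IPv6 literals in `rw=`/`ro=` host lists. The sample input is constructed, and the colon-separated host syntax with bracketed IPv6 literals is an assumption about how the exports are written.

```python
import ipaddress
import re

# Constructed sample of `zfs get -H -o name,value sharenfs` output
# (tab-separated: dataset name, property value). Not real data.
SAMPLE = (
    "tank/home\trw=@192.0.2.0/24,no_root_squash\n"
    "tank/build\trw=[2001:db8::10]:[2001:db8:1::]/64,sync\n"
    "tank/media\ton\n"
    "tank/scratch\toff\n"
    "tank/mixed\tro=192.0.2.7:[2001:db8::beef],rw=[not:an:address]\n"
)

# Assumption: IPv6 hosts are written in brackets, optionally with /prefix.
BRACKETED = re.compile(r"\[([^\]]*)\](?:/(\d{1,3}))?")


def ipv6_hosts(value):
    """Return the valid IPv6 hosts/networks named in one sharenfs value."""
    found = []
    for option in value.split(","):
        key, sep, hosts = option.partition("=")
        if not sep or key not in ("rw", "ro"):
            continue  # "on", "off", "sync", ... carry no host list
        for addr, prefix in BRACKETED.findall(hosts):
            text = addr + ("/" + prefix if prefix else "")
            try:
                ipaddress.IPv6Network(text, strict=False)
            except ValueError:
                continue  # bracketed text that is not an IPv6 address
            found.append(text)
    return found


def audit(zfs_get_output):
    """Map dataset name -> IPv6 hosts its sharenfs access lists rely on."""
    report = {}
    for line in zfs_get_output.splitlines():
        name, _, value = line.partition("\t")
        hosts = ipv6_hosts(value)
        if hosts:
            report[name] = hosts
    return report


if __name__ == "__main__":
    for dataset, hosts in audit(SAMPLE).items():
        print(f"{dataset}: review export, IPv6 hosts {hosts}")
```

Datasets reported here are the ones to re-check after upgrading to 2.0.3-9+deb11u2, since on unfixed versions their IPv6 restrictions were not applied.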