[Pkg-zfsonlinux-devel] Bug#1059322: zfs-linux: CVE-2013-20001
Moritz Mühlenhoff
jmm at inutil.org
Fri Dec 22 13:59:15 GMT 2023
Source: zfs-linux
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for zfs-linux.
CVE-2013-20001[0]:
| An issue was discovered in OpenZFS through 2.0.3. When an NFS share
| is exported to IPv6 addresses via the sharenfs feature, there is a
| silent failure to parse the IPv6 address data, and access is allowed
| to everyone. IPv6 restrictions from the configuration are not
| applied.
https://github.com/openzfs/zfs/commit/6cb5e1e7591da20af3a15793e022345a73e40fb7 (zfs-2.2.0-rc1)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2013-20001
https://www.cve.org/CVERecord?id=CVE-2013-20001
Please adjust the affected versions in the BTS as needed.
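An audit sketch for the condition the CVE text describes, added here as an example and not part of the original report or of OpenZFS: it lists datasets whose sharenfs value carries an IPv6 restriction, which are the ones where the configured restriction may not be applied on affected versions. Assumptions: input is the tab-separated output of `zfs get -H -o name,value sharenfs`, options are comma-separated with colon-separated host lists, and the dataset names and addresses in the sample are constructed.

```python
import ipaddress

# Constructed sample of `zfs get -H -o name,value sharenfs` output (tab-separated).
SAMPLE = (
    "tank/home\trw=@10.0.0.0/8,no_root_squash\n"
    "tank/backup\trw=2001:db8::10:client.example.org,ro=@fd00:1::/64\n"
    "tank/scratch\toff\n"
    "tank/media\ton\n"
)

def ipv6_literals(value):
    """Return IPv6 addresses/networks found in a sharenfs option string."""
    found = []
    for option in value.split(","):
        _, sep, hosts = option.partition("=")
        if not sep:
            continue  # bare flags such as "on", "off", "no_root_squash"
        # Drop bracket and '@' decoration, then split the host list on ':'.
        parts = hosts.translate(str.maketrans("", "", "[]@")).split(":")
        i = 0
        while i < len(parts):
            # Longest run of at least 3 pieces from i that is a valid IPv6 value.
            for j in range(len(parts), i + 2, -1):
                candidate = ":".join(parts[i:j])
                try:
                    ipaddress.IPv6Network(candidate, strict=False)
                except ValueError:
                    continue
                found.append(candidate)
                i = j - 1  # resume scanning after the matched run
                break
            i += 1
    return found

def audit(zfs_get_output):
    """Map dataset name -> IPv6 entries present in its sharenfs value."""
    report = {}
    for line in zfs_get_output.splitlines():
        name, _, value = line.partition("\t")
        hits = ipv6_literals(value)
        if hits:
            report[name] = hits
    return report

if __name__ == "__main__":
    for dataset, hits in audit(SAMPLE).items():
        print(f"{dataset}: IPv6 restriction {hits}; verify the effective export")
```

For each dataset it reports, compare the intended restriction with what the NFS server actually exports, since the failure described above is silent.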