We have discovered a potential Denial of Service Attack in nbdkit,
when using opportunistic TLS.
Fixes
-----
This affects all nbdkit versions 1.12 through 1.26.4, as well as
development versions through 1.27.5. A fix is available for the
current development branch, and a followup email will give commit ids
for each stable branch where the fix has been backported.
https://listman.redhat.com/archives/libguestfs/2021-August/msg00077.html
* development branch (1.27)
Older branches are patched for those building from a branch, but we
will not create actual releases on the branch unless there is demand.
* stable branch 1.22
Introduced in 1.11.8, commit eaa4c6e9a2c4bdb71aefdd4b1d865e7a9af606a8
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: