Two new versions of OpenZFS fix long-hidden corruption bug The Register

The bug that was very occasionally corrupting data on file copies in OpenZFS 2.2.0 has been identified and fixed, and there's a fix for the previous OpenZFS release too.
The OpenZFS development team have put out not one but two new releases of the open-source cross-platform filesystem for Linux and FreeBSD. Version 2.2.2 fixes the problem that showed up in the latest version, which is included in FreeBSD 14 as well as several Linux distros, including Ubuntu 23.10.
There's also a new release in the previous version of OpenZFS: version 2.1.14 which applies to FreeBSD back to version 12.
This was necessary because while, as we reported a week ago, it was OpenZFS 2.2.0 that brought the issue to light and made it visible, it didn't actually cause the problem.
It merely exposed an underlying bug which had been around for years: OpenZFS 2.2.0's new, faster copy function simply made the existing issue much more likely to happen.
The FreeBSD project has published an errata notice, and made fixes available for FreeBSD 12, 13 and 14.
The investigation that's been going on since then has revealed more.
The bug was also confirmed in Illumos, the open-source fork of OpenSolaris which has continued development since Oracle killed off the open source project in 2010.
It looks like Red Hat backported this functionality from Coreutils 9.x to 8.x, and it's been identified in CentOS Stream 9 as well as in the OpenELA source code.
I'd link to the corresponding RHEL code, but sadly they no longer publish it.
RHEL doesn't include OpenZFS, so this data-loss issue will not affect it.
RHEL doesn't even include Btrfs but Oracle Linux does, although that's no cause for concern here: Btrfs itself is immune from the bug.
What this illustrates is the problem with trying to pin down affected versions.
As we described back in June, Red Hat puts a lot of engineering time and effort into backporting features from newer kernels into its very-long-term supported enterprise kernels.
These optimizations are perfectly safe on the Big Purple Hat's own distro, and indeed its RHELatives such as Oracle and Alma and so on.
Such changes can get picked up by other distros, or even by people hand-building complex bespoke installations.
There's a newer overview of the issue on Github, but the investigation as to when the bug first appeared is still underway, as the comments there show.
Although bug fix #15571 in these two new OpenZFS releases does resolve the issue, another, newer attempt to fix the issue in a cleaner way is also under investigation as bug fix #15615.
ZFS is a complex filesystem, and this is a complex bug that may have remained hidden for 17 years.
If there is a simpler, cleaner way to fix the issue, that would be a good thing.


This Cyber News was published on go.theregister.com. Publication date: Mon, 04 Dec 2023 16:43:39 +0000


Cyber News related to Two new versions of OpenZFS fix long-hidden corruption bug The Register

Two new versions of OpenZFS fix long-hidden corruption bug The Register - The bug that was very occasionally corrupting data on file copies in OpenZFS 2.2.0 has been identified and fixed, and there's a fix for the previous OpenZFS release too. The OpenZFS development team have put out not one but two new releases of the ...
10 months ago Go.theregister.com
Two new versions of OpenZFS fix long-hidden corruption bug The Register - The bug that was very occasionally corrupting data on file copies in OpenZFS 2.2.0 has been identified and fixed, and there's a fix for the previous OpenZFS release too. The OpenZFS development team have put out not one but two new releases of the ...
10 months ago Packetstormsecurity.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
CVE-2021-42017 - A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < ...
1 year ago
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
4 months ago Tenable.com
CVE-2021-42016 - A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < ...
1 year ago
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
6 months ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
6 months ago Cisa.gov
New Relic warns customers it's experienced a cyber incident The Register - Web tracking and analytics outfit New Relic has issued a scanty security advisory warning customers it has experienced a scary cyber something. "We value our New Relic community and want to make our customers aware of a recent cyber security incident ...
10 months ago Theregister.com
CVE-2021-37209 - A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < ...
1 year ago
CVE-2024-38867 - A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) ...
2 months ago
CVE-2021-31895 - A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 ...
3 years ago
CVE-2022-45044 - A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) ...
6 months ago
CVE-2021-32629 - Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario ...
1 year ago
CVE-2019-19300 - A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), ...
1 year ago
CVE-2024-26706 - In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data ...
6 months ago Tenable.com
East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
10 months ago Cnn.com
CVE-2022-34821 - A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < ...
11 months ago
Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
8 months ago Techtarget.com
CVE-2023-52598 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
EU lawmakers finalize tough cyber security rules The Register - Infosec in brief The European Union's Parliament and Council have reached an agreement on the Cyber Resilience Act, setting the long-awaited security regulation on a path to final approval and adoption, along with new rules exempting open source ...
10 months ago Go.theregister.com
EU lawmakers finalize tough cyber security rules The Register - Infosec in brief The European Union's Parliament and Council have reached an agreement on the Cyber Resilience Act, setting the long-awaited security regulation on a path to final approval and adoption, along with new rules exempting open source ...
10 months ago Packetstormsecurity.com
The 20 Most Essential Crypto Bug Bounty Programs - Working with cryptocurrency has become more and more popular in the last few years, but it’s not without risks. It’s important for sites that conduct digital payments and transfers to have security measures in place to help keep your data safe ...
1 year ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)