--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2006-138098 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138098 2006-02-11 ---------------------------------------------------------------------
Name : nfs-utils
Versions : rh7.3: nfs-utils-0.3.3-6.73.2.legacy
Versions : rh9: nfs-utils-1.0.1-3.9.2.legacy
Versions : fc1: nfs-utils-1.0.6-1.2.legacy
Versions : fc2: nfs-utils-1.0.6-22.2.legacy
Summary : NFS utilities and supporting daemons for the kernel NFS
server.
Description :
The nfs-utils package provides a daemon for the kernel NFS server and
related tools, providing a much higher level of performance than the
traditional Linux NFS server used by most users.
This package also contains the showmount program. Showmount queries
the mount daemon on a remote host for information about the NFS
(Network File System) server on the remote host.
---------------------------------------------------------------------
Update Information:
An updated nfs-utils package that fixes security issues is now
available.
The nfs-utils package provides a daemon for the kernel NFS server and
related tools, providing a much higher level of performance than the
traditional Linux NFS server used by most users.
Arjan van de Ven discovered a buffer overflow in rquotad. On 64-bit
architectures, an improper integer conversion can lead to a buffer
overflow. An attacker with access to an NFS share could send a specially
crafted request which could lead to the execution of arbitrary code. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0946 to this issue.
In addition, the Fedora Core 2 update fixes the following issue:
SGI reported that the statd daemon did not properly handle the SIGPIPE
signal. A misconfigured or malicious peer could cause statd to crash,
leading to a denial of service. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1014 to this
issue.
All users of nfs-utils should upgrade to this updated package, which
resolves these issues.
---------------------------------------------------------------------
Changelogs
rh73:
* Mon Nov 14 2005 Jeff Sheltren <[EMAIL PROTECTED]> 0.3.3-6.73.2.legacy
- Patch for CVE-2004-0946, rquotad buffer overflow (#138098)
rh9:
* Mon Nov 14 2005 Jeff Sheltren <[EMAIL PROTECTED]> 1.0.1-3.9.2.legacy
- Patch for CVE-2004-0946, rquotad buffer overflow (#138098)
fc1:
* Mon Nov 14 2005 Jeff Sheltren <[EMAIL PROTECTED]> 1.0.6-1.2.legacy
- Patch for CVE-2004-0946, rquotad buffer overflow (#138098)
fc2:
* Wed Nov 16 2005 Jeff Sheltren <[EMAIL PROTECTED]> 1.0.6-22.2.legacy
- Add patch for CVE-2004-1014, sigpipe DOS (#138098, #152871)
* Mon Nov 14 2005 Jeff Sheltren <[EMAIL PROTECTED]> 1.0.6-22.1.legacy
- Patch for CVE-2004-0946, rquotad buffer overflow (#138098)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
rh7.3:
fc563f70e9f2b5eeafb51b9444469689185ef504
redhat/7.3/updates-testing/i386/nfs-utils-0.3.3-6.73.2.legacy.i386.rpm
79dd718df766c23fc8ab4880a0e1557ca990c181
redhat/7.3/updates-testing/SRPMS/nfs-utils-0.3.3-6.73.2.legacy.src.rpm
rh9:
45c4f3a310d3090271f0d0798cae1e3148ab8299
redhat/9/updates-testing/i386/nfs-utils-1.0.1-3.9.2.legacy.i386.rpm
bf009c4fe075b7105316084c6ca577f15c5bdb52
redhat/9/updates-testing/SRPMS/nfs-utils-1.0.1-3.9.2.legacy.src.rpm
fc1:
1c96ae93420683ad79b675b205ecb5d6ddb61ef4
fedora/1/updates-testing/i386/nfs-utils-1.0.6-1.2.legacy.i386.rpm
6d4ee9e13e8b3bf1278d59b48ccb0c48f7645f7f
fedora/1/updates-testing/SRPMS/nfs-utils-1.0.6-1.2.legacy.src.rpm
fc2:
2063735e17273d7967c8fa1f3649ab86921c910e
fedora/2/updates-testing/i386/nfs-utils-1.0.6-22.2.legacy.i386.rpm
dc3207c089204dd1c47653dc4918fe45b81a8654
fedora/2/updates-testing/SRPMS/nfs-utils-1.0.6-22.2.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
