[FLSA-2005:152871] Updated nfs-utils package fixes security issue
Pekka Savola
pekkas at netcore.fi
Tue May 17 09:17:51 UTC 2005
Hi,
Would it make sense to 'touch' the updates while they move from
updates-testing to updates?
There are considerations either way, but doing so would make it easier
to spot the new updates -- as in many times, an update has been
sitting idle at updates-testing for even months, so doing a 'ls -lart'
listing in the updates directory doesn't show the latest updates
first.
On Thu, 12 May 2005, Marc Deslauriers wrote:
> ---------------------------------------------------------------------
> Fedora Legacy Update Advisory
>
> Synopsis: Updated nfs-utils package fixes security issue
> Advisory ID: FLSA:152871
> Issue date: 2005-05-12
> Product: Red Hat Linux, Fedora Core
> Keywords: Bugfix
> CVE Names: CAN-2004-1014
> ---------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------
> 1. Topic:
>
> An updated nfs-utils package that fixes a security issue is now
> available.
>
> The nfs-utils package provides a daemon for the kernel NFS server and
> related tools, providing a much higher level of performance than the
> traditional Linux NFS server used by most users.
>
> 2. Relevant releases/architectures:
>
> Red Hat Linux 7.3 - i386
> Red Hat Linux 9 - i386
> Fedora Core 1 - i386
>
> 3. Problem description:
>
> SGI reported that the statd daemon did not properly handle the SIGPIPE
> signal. A misconfigured or malicious peer could cause statd to crash,
> leading to a denial of service. The Common Vulnerabilities and Exposures
> project (cve.mitre.org) has assigned the name CAN-2004-1014 to this
> issue.
>
> All users of nfs-utils should upgrade to this updated package, which
> resolves this issue.
>
> 4. Solution:
>
> Before applying this update, make sure all previously released errata
> relevant to your system have been applied.
>
> To update all RPMs for your particular architecture, run:
>
> rpm -Fvh [filenames]
>
> where [filenames] is a list of the RPMs you wish to upgrade. Only those
> RPMs which are currently installed will be updated. Those RPMs which
> are not installed but included in the list will not be updated. Note
> that you can also use wildcards (*.rpm) if your current directory *only*
> contains the desired RPMs.
>
> Please note that this update is also available via yum and apt. Many
> people find this an easier way to apply updates. To use yum issue:
>
> yum update
>
> or to use apt:
>
> apt-get update; apt-get upgrade
>
> This will start an interactive process that will result in the
> appropriate RPMs being upgraded on your system. This assumes that you
> have yum or apt-get configured for obtaining Fedora Legacy content.
> Please visit http://www.fedoralegacy.org/docs for directions on how to
> configure yum and apt-get.
>
> 5. Bug IDs fixed:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152871
>
> 6. RPMs required:
>
> Red Hat Linux 7.3:
> SRPM:
> http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/nfs-utils-0.3.3-6.73.1.legacy.src.rpm
>
> i386:
> http://download.fedoralegacy.org/redhat/7.3/updates/i386/nfs-utils-0.3.3-6.73.1.legacy.i386.rpm
>
> Red Hat Linux 9:
>
> SRPM:
> http://download.fedoralegacy.org/redhat/9/updates/SRPMS/nfs-utils-1.0.1-3.9.1.legacy.src.rpm
>
> i386:
> http://download.fedoralegacy.org/redhat/9/updates/i386/nfs-utils-1.0.1-3.9.1.legacy.i386.rpm
>
> Fedora Core 1:
>
> SRPM:
> http://download.fedoralegacy.org/fedora/1/updates/SRPMS/nfs-utils-1.0.6-1.1.legacy.src.rpm
>
> i386:
> http://download.fedoralegacy.org/fedora/1/updates/i386/nfs-utils-1.0.6-1.1.legacy.i386.rpm
>
> 7. Verification:
>
> SHA1 sum                                  Package Name
> ---------------------------------------------------------------------
>
> 8c5abe86dcf8c54d71fdb7431df159405fed830b  redhat/7.3/updates/i386/nfs-utils-0.3.3-6.73.1.legacy.i386.rpm
> e6ed500f9a027f882410942eeba7807a02e7684a  redhat/7.3/updates/SRPMS/nfs-utils-0.3.3-6.73.1.legacy.src.rpm
> 4b5a41715061a0d4e04d2b7310657ccf9cb1a3cb  redhat/9/updates/i386/nfs-utils-1.0.1-3.9.1.legacy.i386.rpm
> 37e2bb721b47e569bd9e6ee922532f9d9e8dcde3  redhat/9/updates/SRPMS/nfs-utils-1.0.1-3.9.1.legacy.src.rpm
> 8720cd5101f6d989e2f0695a54049561644ccd93  fedora/1/updates/i386/nfs-utils-1.0.6-1.1.legacy.i386.rpm
> 7320e145578c605b50ab7dcfb46ff4c152b0487c  fedora/1/updates/SRPMS/nfs-utils-1.0.6-1.1.legacy.src.rpm
>
> These packages are GPG signed by Fedora Legacy for security. Our key is
> available from http://www.fedoralegacy.org/about/security.php
>
> You can verify each package with the following command:
>
> rpm --checksig -v <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the sha1sum with the following command:
>
> sha1sum <filename>
>
> 8. References:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1014
>
> 9. Contact:
>
> The Fedora Legacy security contact is <secnotice at fedoralegacy.org>. More
> project details at http://www.fedoralegacy.org
>
> ---------------------------------------------------------------------
>
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.

"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings