Fedora Legacy Test Update Notification: nfs-utils

Marc Deslauriers marcdeslauriers at videotron.ca
Sat Feb 11 16:43:15 UTC 2006


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-138098
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138098
2006-02-11
---------------------------------------------------------------------

Name        : nfs-utils
Versions    : rh7.3: nfs-utils-0.3.3-6.73.2.legacy
Versions    : rh9: nfs-utils-1.0.1-3.9.2.legacy
Versions    : fc1: nfs-utils-1.0.6-1.2.legacy
Versions    : fc2: nfs-utils-1.0.6-22.2.legacy
Summary     : NFS utilities and supporting daemons for the kernel NFS
              server.
Description :
The nfs-utils package provides a daemon for the kernel NFS server and
related tools, providing a much higher level of performance than the
traditional Linux NFS server used by most users.

This package also contains the showmount program. Showmount queries
the mount daemon on a remote host for information about the NFS
(Network File System) server on the remote host.

---------------------------------------------------------------------
Update Information:

An updated nfs-utils package that fixes security issues is now
available.

Arjan van de Ven discovered a buffer overflow in rquotad. On 64-bit
architectures, an improper integer conversion can lead to a buffer
overflow. An attacker with access to an NFS share could send a specially
crafted request which could lead to the execution of arbitrary code. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0946 to this issue.

In addition, the Fedora Core 2 update fixes the following issue:

SGI reported that the statd daemon did not properly handle the SIGPIPE
signal. A misconfigured or malicious peer could cause statd to crash,
leading to a denial of service. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1014 to this
issue.

All users of nfs-utils should upgrade to this updated package, which
resolves these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Nov 14 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 0.3.3-6.73.2.legacy
- Patch for CVE-2004-0946, rquotad buffer overflow (#138098)

rh9:
* Mon Nov 14 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.0.1-3.9.2.legacy
- Patch for CVE-2004-0946, rquotad buffer overflow (#138098)

fc1:
* Mon Nov 14 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.0.6-1.2.legacy
- Patch for CVE-2004-0946, rquotad buffer overflow (#138098)

fc2:
* Wed Nov 16 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.0.6-22.2.legacy
- Add patch for CVE-2004-1014, sigpipe DOS (#138098, #152871)

* Mon Nov 14 2005 Jeff Sheltren <sheltren at cs.ucsb.edu> 1.0.6-22.1.legacy
- Patch for CVE-2004-0946, rquotad buffer overflow (#138098)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
fc563f70e9f2b5eeafb51b9444469689185ef504
redhat/7.3/updates-testing/i386/nfs-utils-0.3.3-6.73.2.legacy.i386.rpm
79dd718df766c23fc8ab4880a0e1557ca990c181
redhat/7.3/updates-testing/SRPMS/nfs-utils-0.3.3-6.73.2.legacy.src.rpm

rh9:
45c4f3a310d3090271f0d0798cae1e3148ab8299
redhat/9/updates-testing/i386/nfs-utils-1.0.1-3.9.2.legacy.i386.rpm
bf009c4fe075b7105316084c6ca577f15c5bdb52
redhat/9/updates-testing/SRPMS/nfs-utils-1.0.1-3.9.2.legacy.src.rpm

fc1:
1c96ae93420683ad79b675b205ecb5d6ddb61ef4
fedora/1/updates-testing/i386/nfs-utils-1.0.6-1.2.legacy.i386.rpm
6d4ee9e13e8b3bf1278d59b48ccb0c48f7645f7f
fedora/1/updates-testing/SRPMS/nfs-utils-1.0.6-1.2.legacy.src.rpm

fc2:
2063735e17273d7967c8fa1f3649ab86921c910e
fedora/2/updates-testing/i386/nfs-utils-1.0.6-22.2.legacy.i386.rpm
dc3207c089204dd1c47653dc4918fe45b81a8654
fedora/2/updates-testing/SRPMS/nfs-utils-1.0.6-22.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
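
The checksum list above puts each SHA-1 on one line and the package path on the next. The following is an added example, not part of the original notification or of Fedora Legacy tooling: it parses a list in that layout and checks downloaded files against it. The function names, the `demo/` paths and the sample payloads are constructed for illustration, and it assumes the packages were saved under their base names in a single directory.

```python
import hashlib
import os
import re
import tempfile

SHA1_RE = re.compile(r"^[0-9a-f]{40}$")

def parse_manifest(text):
    """Return {relative_path: sha1} from 'hash line, then path line' pairs."""
    expected, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if SHA1_RE.match(line):
            pending = line
            continue
        if pending and line.endswith(".rpm"):
            expected[line] = pending
        pending = None  # section label, blank line or rule: drop any unpaired hash
    return expected

def sha1_of(path, chunk=1 << 16):
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify(manifest_text, download_dir):
    """Map each listed path to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for rel_path, want in parse_manifest(manifest_text).items():
        local = os.path.join(download_dir, os.path.basename(rel_path))
        if not os.path.isfile(local):
            results[rel_path] = "missing"
        else:
            results[rel_path] = "ok" if sha1_of(local) == want else "MISMATCH"
    return results

def demo():
    """Constructed sample: one intact file, one altered after hashing, one absent."""
    with tempfile.TemporaryDirectory() as d:
        lines = ["demo:"]
        for n in ("good-1.0.i386.rpm", "bad-1.0.i386.rpm", "gone-1.0.src.rpm"):
            data = ("constructed payload " + n).encode()
            lines += [hashlib.sha1(data).hexdigest(), "demo/updates-testing/" + n]
            if not n.startswith("gone"):
                with open(os.path.join(d, n), "wb") as fh:
                    fh.write(data + (b"!" if n.startswith("bad") else b""))
        return verify("\n".join(lines), d)
```

A match only shows that a file agrees with the hash text it was compared against, so the list itself has to come from a copy of the notification whose origin has been checked.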