TUCoPS :: Linux :: Conectiva :: bt692.txt

nfs-utils CLA-2003:700 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : nfs-utils
SUMMARY   : Buffer overflow vulnerability
DATE      : 2003-07-22 10:17:00
ID        : CLA-2003:700
RELEVANT
RELEASES  : 7.0, 8, 9

- -------------------------------------------------------------------------

DESCRIPTION
 The nfs-utils[1] package provides the utilities for Linux NFS client
 and server.
 
 Janusz Niewiadomski found[2] a buffer overflow vulnerability[3] in
 the nfs-utils package that could be used by remote attackers to cause
 a denial of service condition or execute arbitrary code with
 administrator privileges.
 
 To fix this issue, the author has released[4] a new version. The
 packages made available through this update contain the same fix as
 the one applied to this new version, 1.0.4.


SOLUTION
 It is recommended that all nfs-utils users upgrade their packages.
 
 IMPORTANT: after the upgrade, the nfs and nfs-lock services have to
 be restarted if they were already running. To do this, run the
 following commands as root:
 
 /sbin/service nfs restart
 /sbin/service nfslock restart


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/nfs-utils-0.3.1-6U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/nfs-utils-0.3.1-6U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/nfs-utils-0.3.1-6U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/nfs-utils-0.3.1-6U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/nfs-utils-1.0.1-17482U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/nfs-utils-1.0.1-17482U90_1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/HTmr42jd0JmAcZARApBaAKDAKMO1AhATvkNgB7NKxIW2M6s7QgCeNlIY
EMDCx18/oD0MnRiAUz3a6v8=
=xS/z
-----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH