Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2009:060 ] nfs-utils

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1235782269-6173-1749

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:060

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : nfs-utils

Date : February 27, 2009

Affected: 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,

Multi Network Firewall 2.0

_______________________________________________________________________

 

Problem Description:

 

A security vulnerability has been identified and fixed in nfs-utils,

which caused TCP Wrappers to ignore netgroups and allows remote

attackers to bypass intended access restrictions (CVE-2008-4552).

 

The updated packages have been patched to prevent this.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

a3309e26384dea89035a13a195eb65a9 2008.0/i586/nfs-utils-1.1.0-12.2mdv2008.0.i586.rpm

e17379b66c0dc927eadf8b4bde947968 2008.0/i586/nfs-utils-clients-1.1.0-12.2mdv2008.0.i586.rpm

649c040e97748f0f6a9333f1cc07cb4e 2008.0/SRPMS/nfs-utils-1.1.0-12.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

2768e3374f20d4d87b38dc0ee53913ec 2008.0/x86_64/nfs-utils-1.1.0-12.2mdv2008.0.x86_64.rpm

24afc643d2054f10341cc8d60abfd10e 2008.0/x86_64/nfs-utils-clients-1.1.0-12.2mdv2008.0.x86_64.rpm

649c040e97748f0f6a9333f1cc07cb4e 2008.0/SRPMS/nfs-utils-1.1.0-12.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

2978448adef1e93fbb4992d58820283b 2008.1/i586/nfs-utils-1.1.1-9.2mdv2008.1.i586.rpm

94eb52f51949963cdb5b24d0aaaa5c13 2008.1/i586/nfs-utils-clients-1.1.1-9.2mdv2008.1.i586.rpm

7ed31ae2518e1b4cd97be3003bb52a21 2008.1/SRPMS/nfs-utils-1.1.1-9.2mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

fb099b1f8573176244a6b207c499e434 2008.1/x86_64/nfs-utils-1.1.1-9.2mdv2008.1.x86_64.rpm

99fc35580bddc26bbdadc93f3793d1d2 2008.1/x86_64/nfs-utils-clients-1.1.1-9.2mdv2008.1.x86_64.rpm

7ed31ae2518e1b4cd97be3003bb52a21 2008.1/SRPMS/nfs-utils-1.1.1-9.2mdv2008.1.src.rpm

 

Corporate 3.0:

bc15fd3bacccf814267569fce8bcf622 corporate/3.0/i586/nfs-utils-1.0.6-2.3.100mdk.i586.rpm

63e3c3bee48bbc938b3c31b8372aaf9e corporate/3.0/i586/nfs-utils-clients-1.0.6-2.3.100mdk.i586.rpm

59f637b4fcab268c69be5b0d64cf3832 corporate/3.0/SRPMS/nfs-utils-1.0.6-2.3.100mdk.src.rpm

 

Corporate 3.0/X86_64:

3f202c3a455a9775a542a774c6792869 corporate/3.0/x86_64/nfs-utils-1.0.6-2.3.100mdk.x86_64.rpm

15423ecfeb635a96f4d081c067008f35 corporate/3.0/x86_64/nfs-utils-clients-1.0.6-2.3.100mdk.x86_64.rpm

59f637b4fcab268c69be5b0d64cf3832 corporate/3.0/SRPMS/nfs-utils-1.0.6-2.3.100mdk.src.rpm

 

Corporate 4.0:

859988bb3dd95155e7caea5310011132 corporate/4.0/i586/nfs-utils-1.0.9-0.1.20060mlcs4.i586.rpm

13a3dd01587c8299acf81dfe8b26ea78 corporate/4.0/i586/nfs-utils-clients-1.0.9-0.1.20060mlcs4.i586.rpm

cffaae7696e36c69627296b714dec455 corporate/4.0/SRPMS/nfs-utils-1.0.9-0.1.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

1ebdaaffad677d35d13dfd21b7f67790 corporate/4.0/x86_64/nfs-utils-1.0.9-0.1.20060mlcs4.x86_64.rpm

f33ade5e5b007014bf849f96171f711f corporate/4.0/x86_64/nfs-utils-clients-1.0.9-0.1.20060mlcs4.x86_64.rpm

cffaae7696e36c69627296b714dec455 corporate/4.0/SRPMS/nfs-utils-1.0.9-0.1.20060mlcs4.src.rpm

 

Multi Network Firewall 2.0:

9d3bbbe6e938a2065dfb68ca1631b813 mnf/2.0/i586/nfs-utils-1.0.6-2.3.100mdk.i586.rpm

56fdd741f7cb5e05bf41de1cdaab5b77 mnf/2.0/i586/nfs-utils-clients-1.0.6-2.3.100mdk.i586.rpm

299486c57905d6f988ad9828cedb0ad7 mnf/2.0/SRPMS/nfs-utils-1.0.6-2.3.100mdk.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFJqF1FmqjQ0CJFipgRApPwAJ43DW1JoyDhHsLU4XVoB1tJG3qTlwCgthm+

18IlBv2SUmhrfSbqJiAC9qM=

=EZNq

-----END PGP SIGNATURE-----

 

 

------------=_1235782269-6173-1749

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1235782269-6173-1749--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×