Description
ELSA-2007-0951: Important: nfs-utils-lib security update (IMPORTANT)
[1.0.8-7.2.z2]
- Updated libnfsidmap to -17 to fix a security issue (bz 254041)
[1.0.8-7.2.z1]
- Fixed RPC library buffer overflow (bz 265061)
Updated packages
Oracle Linux 5
Oracle Linux x86_64
  nfs-utils-lib 1.0.8-7.2.z2
  nfs-utils-lib-devel 1.0.8-7.2.z2
Oracle Linux i386
  nfs-utils-lib 1.0.8-7.2.z2
  nfs-utils-lib-devel 1.0.8-7.2.z2
Related CVEs
Related vulnerabilities
The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client.
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
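Added example, not code from libnfsidmap or from this advisory: a fail-closed user name lookup showing the getpwnam_r return-value handling that the nfsidmap issue above turns on. The helper name name_to_uid and the fallback UID 65534 (the conventional "nobody" on Linux) are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: 65534 is the local "nobody" UID used for unmapped names. */
#define FALLBACK_UID ((uid_t)65534)

/* Hypothetical helper: map a user name to a local UID, failing closed.
 * Returns 0 and sets *uid on a real match; returns -1 and leaves *uid at
 * FALLBACK_UID when the name is unknown or the lookup itself fails. */
int name_to_uid(const char *name, uid_t *uid)
{
    struct passwd pw, *result = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t len = hint > 0 ? (size_t)hint : 1024;
    char *buf = NULL;
    int rc;

    *uid = FALLBACK_UID;          /* the default is never UID 0 */
    for (;;) {
        char *tmp = realloc(buf, len);
        if (tmp == NULL) { free(buf); return -1; }
        buf = tmp;
        rc = getpwnam_r(name, &pw, buf, len, &result);
        if (rc != ERANGE) break;  /* ERANGE: buffer too small, grow and retry */
        len *= 2;
    }
    /* rc == 0 only means "no error". An unknown name is reported as
     * rc == 0 with result == NULL, and pw must not be read in that case. */
    if (rc == 0 && result != NULL)
        *uid = result->pw_uid;
    free(buf);
    return (rc == 0 && result != NULL) ? 0 : -1;
}

int main(void)
{
    uid_t uid;
    int rc = name_to_uid("no-such-user-constructed", &uid); /* constructed name */
    printf("rc=%d uid=%lu\n", rc, (unsigned long)uid);
    return 0;
}
```

A caller that tests only `rc == 0` and then reads `pw.pw_uid` can end up with whatever the structure held, including 0, which is the root-instead-of-nobody outcome the description reports.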