Date: Thu, 24 Jun 1999 15:01:12 -0400
From: Jeff Johnson <jbj@redhat.com>
To: redhat-watch-list@redhat.com
Subject: [RHSA-1999:016-01] Potential security problem in Red Hat 5.2 nfs-server.

---------------------------------------------------------------------
		   Red Hat, Inc. Security Advisory

Synopsis:		Potential security problem in Red Hat 5.2 nfs-server.
Advisory ID:		RHSA-1999:016-01
Issue date:		1999-06-24
Keywords:		nfs-server root-squashing security
---------------------------------------------------------------------

1. Topic: 

A potential security problem has been fixed in the nfs-server package.

2. Bug IDs fixed: 

3. Relevant releases/architectures: 

Red Hat Linux 5.2, all architectures

4. Obsoleted by:

5. Conflicts with:

6. RPMs required:

Intel: ftp://updates.redhat.com/5.2/i386

	nfs-server-2.2beta44.i386.rpm
	nfs-server-clients-2.2beta44.i386.rpm

Alpha: ftp://updates.redhat.com/5.2/alpha

	nfs-server-2.2beta44.alpha.rpm
	nfs-server-clients-2.2beta44.alpha.rpm

Sparc: ftp://updates.redhat.com/5.2/sparc

	nfs-server-2.2beta44.sparc.rpm
	nfs-server-clients-2.2beta44.sparc.rpm

7. Problem description:

A change to 32 bit uid_t's within glibc 2.0.x has opened a potential
hole in root-squashing.

8. Solution:

9. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
98bd10854eb9da9ee48d2217055a6979  SRPMS/nfs-server-2.2beta44-1.src.rpm
28da963f934cd376f8cfd0ce7c56747c  alpha/nfs-server-2.2beta44-1.alpha.rpm
894c145fa449c7444b155304a1c5c29e  alpha/nfs-server-clients-2.2beta44-1.alpha.rpm
0780a208a3053c0e127bfee37eb255e3  i386/nfs-server-2.2beta44-1.i386.rpm
823cae1b9bf28640ff933d1783d581c4  i386/nfs-server-clients-2.2beta44-1.i386.rpm
e2578175851a9c50975d289ae4baebfd  sparc/nfs-server-2.2beta44-1.sparc.rpm
e66a63a62f6988ad6885f7a1acb746a8  sparc/nfs-server-clients-2.2beta44-1.sparc.rp

These packages are also PGP signed by Red Hat Inc. for security.  Our
key is available at:

http://www.redhat.com/corp/contact.html

10. References:



-- 
         To unsubscribe: mail redhat-watch-list-request@redhat.com with 
                       "unsubscribe" as the Subject.