Red Hat: Updated redhat-config-nfs package resolves several security issues

The redhat-config-nfs package includes a graphical user interface for creating, modifying, and deleting NFS shares. John Buswell discovered a flaw in redhat-config-nfs that could lead to incorrect permissions on exported shares when exporting to multiple hosts. This could cause an option such as "all_squash" to not be applied to all of the listed hosts. Updated packages are available from updates.redhat.com.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated redhat-config-nfs package resolves several security issues
Advisory ID:       RHSA-2004:434-01
Issue date:        2004-09-22
Updated on:        2004-09-22
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0750
- ---------------------------------------------------------------------

1. Summary:

An updated redhat-config-nfs package that fixes bugs and potential security
issues is now available for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch

3. Problem description:

The redhat-config-nfs package includes a graphical user interface for
creating, modifying, and deleting nfs shares.

John Buswell discovered a flaw in redhat-config-nfs that could lead to
incorrect permissions on exported shares when exporting to multiple
hosts.  This could cause an option such as "all_squash" to not be
applied to all of the listed hosts.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0750 to
this issue.

Additionally, a bug was found that prevented redhat-config-nfs from being
run if hosts didn't have options set in /etc/exports.

All users of redhat-config-nfs are advised to upgrade to these updated
packages as well as checking their NFS shares directly or via the
/etc/exports file for any incorrectly set options.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

107997 - CAN-2004-0750 [PATCH] /etc/exports has incorrect syntax for multiple hosts with a single mount point

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/redhat-config-nfs-1.0.13-6.src.rpm
8ad0200a16439ba6341703e277b6edc0  redhat-config-nfs-1.0.13-6.src.rpm

noarch:
ddea963341fba763c3bd428f16c8fede  redhat-config-nfs-1.0.13-6.noarch.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/redhat-config-nfs-1.0.13-6.src.rpm
8ad0200a16439ba6341703e277b6edc0  redhat-config-nfs-1.0.13-6.src.rpm

noarch:
ddea963341fba763c3bd428f16c8fede  redhat-config-nfs-1.0.13-6.noarch.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/redhat-config-nfs-1.0.13-6.src.rpm
8ad0200a16439ba6341703e277b6edc0  redhat-config-nfs-1.0.13-6.src.rpm

noarch:
ddea963341fba763c3bd428f16c8fede  redhat-config-nfs-1.0.13-6.noarch.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/redhat-config-nfs-1.0.13-6.src.rpm
8ad0200a16439ba6341703e277b6edc0  redhat-config-nfs-1.0.13-6.src.rpm

noarch:
ddea963341fba763c3bd428f16c8fede  redhat-config-nfs-1.0.13-6.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0750

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBUcxAXlSAg2UNWIIRAqSBAKCNvZQD8MZgD/xPm0oyfEwBGHZacACcCOzr
Dy2AsUQJ0xCAXWddSKcLO2c=
=dEP+
-----END PGP SIGNATURE-----
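
The advisory asks administrators to check /etc/exports for incorrectly set options. The following is an added example, not part of the Red Hat advisory or the redhat-config-nfs package: it parses exports(5) syntax and flags hosts on a multi-host line that have no option list, or that lack a restrictive option a sibling host on the same line has. The sample file, the `RESTRICTIVE` watch list and the function names are assumptions; quoted paths are not handled.

```python
import re

# Constructed sample in exports(5) syntax; hosts and paths are made up.
SAMPLE = """\
# path     client(options) ...
/srv/pub   alpha.example.com beta.example.com(ro,all_squash)
/srv/home  alpha.example.com(rw,sync) beta.example.com(rw,sync)
/srv/data  gamma.example.com(ro,all_squash) \\
           delta.example.com(ro)
/srv/misc  alpha.example.com (rw)
"""

ENTRY = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")
# Restrictive options worth comparing across hosts (an assumed watch list).
RESTRICTIVE = ("all_squash", "root_squash", "ro")

def parse_exports(text):
    """Yield (path, [(client, set_of_options or None), ...]) per entry."""
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        fields = line.split("#", 1)[0].split()           # drop comments
        if len(fields) < 2:
            continue
        clients = []
        for token in fields[1:]:
            m = ENTRY.match(token)
            host, opts = (m.group(1), m.group(2)) if m else (token, None)
            if opts is not None:
                opts = {o for o in opts.split(",") if o}
            clients.append((host, opts))
        yield fields[0], clients

def audit_exports(text):
    """Return (path, client, issue) tuples for lines needing review."""
    findings = []
    for path, clients in parse_exports(text):
        seen = set().union(*(opts for _, opts in clients if opts))
        for host, opts in clients:
            if host == "":      # "(opts)" after a space applies to any host
                findings.append((path, "*", "world-options"))
            elif opts is None:  # bare host: only the exports(5) defaults apply
                if seen:
                    findings.append((path, host, "no-options"))
            else:
                for opt in RESTRICTIVE:
                    if opt in seen and opt not in opts:
                        findings.append((path, host, "missing:" + opt))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print("%-10s %-20s %s" % finding)
```

A finding is a prompt for review rather than proof of a misconfiguration, since differing options per host can be intentional.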