| |||||||||||||||||||
Pardus alert 2011-98 (nfs-utils)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-98 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-07-14 Type: Local ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in ntf-utils. Description =========== CVE-2011-1749: It was found that mount.nfs suffers from the same flaw as other mount helpers (see CVE-2011-1089). Instead of using addmntent(), nfs-utils implements its own similar function (nfs_addmntent()) which also fails to anticipate whether resource limits would interfere with correctly writing to /etc/mtab. A local user could use this to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value. Affected packages: Pardus 2009: nfs-utils, all before 1.1.6-19-5 Pardus 2011: nfs-utils, all before 1.2.3-24-p11 Resolution ========== There are update(s) for nfs-utils. You can update them via Package Manager or with a single command from console: Pardus 2009: pisi up nfs-utils Pardus 2011: pisi up nfs-utils References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=17967 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||