[RHSA-1999:016-01] Potential security problem in Red Hat 5.2

From: Raymond Dijkxhoorn (raymondat_private)
Date: Thu Jun 24 1999 - 15:32:15 PDT


    From: Jeff Johnson <jbjat_private>
    
    ---------------------------------------------------------------------
    		   Red Hat, Inc. Security Advisory
    
    Synopsis:		Potential security problem in Red Hat 5.2 nfs-server.
    Advisory ID:		RHSA-1999:016-01
    Issue date:		1999-06-24
    Keywords:		nfs-server root-squashing security
    ---------------------------------------------------------------------
    
    1. Topic:
    
    A potential security problem has been fixed in the nfs-server package.
    
    2. Bug IDs fixed:
    
    3. Relevant releases/architectures:
    
    Red Hat Linux 5.2, all architectures
    
    4. Obsoleted by:
    
    5. Conflicts with:
    
    6. RPMs required:
    
    Intel: ftp://updates.redhat.com/5.2/i386
    
    	nfs-server-2.2beta44.i386.rpm
    	nfs-server-clients2.2beta44.i386.rpm
    
    Alpha: ftp://updates.redhat.com/5.2/alpha
    
    	nfs-server-2.2beta44.alpha.rpm
    	nfs-server-clients-2.2beta44.alpha.rpm
    
    Sparc: ftp://updates.redhat.com/5.2/sparc
    
    	nfs-server-2.2beta44.sparc.rpm
    	nfs-server-clients-2.2beta44.sparc.rpm
    
    7. Problem description:
    
    A change to 32 bit uid_t's within glibc 2.0.x has opened a potential
    hole in root-squashing.
    
    8. Solution:
    
    9. Verification:
    
    MD5 sum                           Package Name
    --------------------------------------------------------------------------
    98bd10854eb9da9ee48d2217055a6979  SRPMS/nfs-server-2.2beta44-1.src.rpm
    28da963f934cd376f8cfd0ce7c56747c  alpha/nfs-server-2.2beta44-1.alpha.rpm
    894c145fa449c7444b155304a1c5c29e  alpha/nfs-server-clients-2.2beta44-1.alpha.rpm
    0780a208a3053c0e127bfee37eb255e3  i386/nfs-server-2.2beta44-1.i386.rpm
    823cae1b9bf28640ff933d1783d581c4  i386/nfs-server-clients-2.2beta44-1.i386.rpm
    e2578175851a9c50975d289ae4baebfd  sparc/nfs-server-2.2beta44-1.sparc.rpm
    e66a63a62f6988ad6885f7a1acb746a8  sparc/nfs-server-clients-2.2beta44-1.sparc.rp
    
    These packages are also PGP signed by Red Hat Inc. for security.  Our
    key is available at:
    
    http://www.redhat.com/corp/contact.html
    
    10. References:
    
    
    
    


