CVE-2011-1749: nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE

Related Vulnerabilities: CVE-2011-1749  

Debian Bug report logs - #629420


Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Mon, 6 Jun 2011 15:03:01 UTC

Severity: important

Tags: security

Fixed in version nfs-utils/1:1.2.3-3

Done: Luk Claes <luk@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian kernel team <debian-kernel@lists.debian.org>:
Bug#629420; Package nfs-utils. (Mon, 06 Jun 2011 15:03:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian kernel team <debian-kernel@lists.debian.org>. (Mon, 06 Jun 2011 15:03:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-1749: nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
Date: Mon, 06 Jun 2011 17:01:38 +0200
Package: nfs-utils
Severity: important
Tags: security

Hi,
please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1749
for details. I'm not sure if this has been reported/fixed upstream,
nfs-utils doesn't seem to have a public repo.

This doesn't warrant a DSA, but could be fixed through a point update.

Cheers,
        Moritz 




Added tag(s) pending. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (Tue, 07 Jun 2011 10:33:05 GMT).


Reply sent to Luk Claes <luk@debian.org>:
You have taken responsibility. (Sat, 18 Jun 2011 09:06:40 GMT).


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sat, 18 Jun 2011 09:06:44 GMT).


Message #12 received at 629420-close@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 629420-close@bugs.debian.org
Subject: Bug#629420: fixed in nfs-utils 1:1.2.3-3
Date: Sat, 18 Jun 2011 09:02:42 +0000
Source: nfs-utils
Source-Version: 1:1.2.3-3

We believe that the bug you reported is fixed in the latest version of
nfs-utils, which is due to be installed in the Debian FTP archive:

nfs-common_1.2.3-3_i386.deb
  to main/n/nfs-utils/nfs-common_1.2.3-3_i386.deb
nfs-kernel-server_1.2.3-3_i386.deb
  to main/n/nfs-utils/nfs-kernel-server_1.2.3-3_i386.deb
nfs-utils_1.2.3-3.debian.tar.bz2
  to main/n/nfs-utils/nfs-utils_1.2.3-3.debian.tar.bz2
nfs-utils_1.2.3-3.dsc
  to main/n/nfs-utils/nfs-utils_1.2.3-3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 629420@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated nfs-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 18 Jun 2011 10:48:28 +0200
Source: nfs-utils
Binary: nfs-kernel-server nfs-common
Architecture: source i386
Version: 1:1.2.3-3
Distribution: unstable
Urgency: medium
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: Luk Claes <luk@debian.org>
Description: 
 nfs-common - NFS support files common to client and server
 nfs-kernel-server - support for NFS kernel server
Closes: 621027 624261 629420
Changes: 
 nfs-utils (1:1.2.3-3) unstable; urgency=medium
 .
   [ Luk Claes ]
   * Remove build dependency on librpcsecgss-dev as it's superseded by
     libtirpc-dev
   * Remove very old versioned dependencies on netbase and libblkid1
   * Exclude state files from dh_md5sum
   * Use rpcinfo instead of /dev/tcp redirection
   * Fix CVE-2011-1749: Anticipate RLIMIT_FSIZE (Closes: #629420)
   * start-statd: Use bash (Closes: #621027)
   * Add build-arch and build-indep makefile targets to debian/rules
   * Add override for setuid mount.nfs
 .
   [ Ben Hutchings ]
   * statd.man, nfsiostat.man: Fix syntax errors, thanks to Simon Paillard
     (Closes: #624261)
   * exports.man: Fix syntax errors
   * nfs.man: Fix syntax errors and improve tabulation

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk38Z8cACgkQ5UTeB5t8Mo3/bACfbOj5AvhUhBiVeUg0fq+9hni+
vA0AnjIN19Ojy5ujboPzRZvmqqNCXsI9
=ATde
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 17 Aug 2011 07:33:25 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:09:48 2019; Machine Name: buxtehude
