Security Advisory Important: nfs-utils-lib security update

Advisory: RHSA-2007:0913-2
Type: Security Advisory
Severity: Important
Issued on: 2007-09-19
Last updated on: 2007-09-19
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2007-3999

Details

An updated nfs-utils-lib package to correct a security flaw is now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The nfs-utils-lib package contains support libraries that are needed by the
commands and daemons of the nfs-utils package.

Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by nfs-utils-lib. A remote unauthenticated attacker who can
access an application linked against nfs-utils-lib could trigger this flaw
and cause the application to crash. On Red Hat Enterprise Linux 4 it is not
possible to exploit this flaw to run arbitrary code as the overflow is
blocked by FORTIFY_SOURCE. (CVE-2007-3999)

Users of nfs-utils-lib are advised to upgrade to this updated package,
which contains a backported patch that resolves this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
nfs-utils-lib-1.0.6-8.z1.src.rpm     6de4df5245856abfb1e27f43ec995ad4
 
IA-32:
nfs-utils-lib-1.0.6-8.z1.i386.rpm     ad7d44ae0fecc5fa1f7f69d20f24d0c2
nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm     acb8da85e6780111d86eb45182d6926f
 
x86_64:
nfs-utils-lib-1.0.6-8.z1.x86_64.rpm     fb0cbb12869dadcf9872375bd50012db
nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm     506a8209ed65baa42d147dc0e6503ff5
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
nfs-utils-lib-1.0.6-8.z1.src.rpm     6de4df5245856abfb1e27f43ec995ad4
 
IA-32:
nfs-utils-lib-1.0.6-8.z1.i386.rpm     ad7d44ae0fecc5fa1f7f69d20f24d0c2
nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm     acb8da85e6780111d86eb45182d6926f
 
IA-64:
nfs-utils-lib-1.0.6-8.z1.ia64.rpm     6866d2ae4650b96f925384ecf4b6891c
nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm     65fbf40e86f97368f5679da2140e0360
 
PPC:
nfs-utils-lib-1.0.6-8.z1.ppc.rpm     1bd2cf61e4e41a20c11c038bc6895243
nfs-utils-lib-devel-1.0.6-8.z1.ppc.rpm     a030703d3d2731eaf4b6573130e562cf
 
s390:
nfs-utils-lib-1.0.6-8.z1.s390.rpm     1eaaca7f9b503f611203cc2ab946950f
nfs-utils-lib-devel-1.0.6-8.z1.s390.rpm     f77020fcc2aea3bb5cdeedd3977feb97
 
s390x:
nfs-utils-lib-1.0.6-8.z1.s390x.rpm     a8bab89128f0a7779e929bc6d712a28a
nfs-utils-lib-devel-1.0.6-8.z1.s390x.rpm     dff59782eda7f14c789b55254422d3a5
 
x86_64:
nfs-utils-lib-1.0.6-8.z1.x86_64.rpm     fb0cbb12869dadcf9872375bd50012db
nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm     506a8209ed65baa42d147dc0e6503ff5
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
nfs-utils-lib-1.0.6-8.z1.src.rpm     6de4df5245856abfb1e27f43ec995ad4
 
IA-32:
nfs-utils-lib-1.0.6-8.z1.i386.rpm     ad7d44ae0fecc5fa1f7f69d20f24d0c2
nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm     acb8da85e6780111d86eb45182d6926f
 
IA-64:
nfs-utils-lib-1.0.6-8.z1.ia64.rpm     6866d2ae4650b96f925384ecf4b6891c
nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm     65fbf40e86f97368f5679da2140e0360
 
x86_64:
nfs-utils-lib-1.0.6-8.z1.x86_64.rpm     fb0cbb12869dadcf9872375bd50012db
nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm     506a8209ed65baa42d147dc0e6503ff5
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
nfs-utils-lib-1.0.6-8.z1.src.rpm     6de4df5245856abfb1e27f43ec995ad4
 
IA-32:
nfs-utils-lib-1.0.6-8.z1.i386.rpm     ad7d44ae0fecc5fa1f7f69d20f24d0c2
nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm     acb8da85e6780111d86eb45182d6926f
 
IA-64:
nfs-utils-lib-1.0.6-8.z1.ia64.rpm     6866d2ae4650b96f925384ecf4b6891c
nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm     65fbf40e86f97368f5679da2140e0360
 
x86_64:
nfs-utils-lib-1.0.6-8.z1.x86_64.rpm     fb0cbb12869dadcf9872375bd50012db
nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm     506a8209ed65baa42d147dc0e6503ff5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

250973 - CVE-2007-3999 krb5 RPC library buffer overflow


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/