[SECURITY] [DLA 108-1] nfs-utils security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 108-1] nfs-utils security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 13 Dec 2014 12:34:15 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1412131232370.28717@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : nfs-utils
Version        : 1:1.2.2-4squeeze3
CVE ID         : CVE-2012-3541

In the past, rpc.statd posted SM_NOTIFY requests using the same socket itused for sending downcalls to the kernel. To receive replies from remotehosts, the socket was bound to INADDR_ANY. To prevent unwanted datainjection, bind this socket to the loopback address.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJUjCQ3XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHw6QP/3CN8EW1Plf0Rb0o77QfuXAo
Ct8imInk0pYgwBagS7smS2Qv7qTdHR16P5yObiX2CpVovZ86txmjHSY+P4Nn5kuE
tEzvs02w6nB0InqpwwYOwd8B6iOBjhHICFXZhsYE+C6vYLh/zkO+gCArQRgDrclB
YXPXhlLshA78RmsUpzFcmYNUmzClpPZ96izIF14SdoTrtTbtIFe4MM1XUvt1LH7e
6MjWWBsdn59swFByPaYkIRBg4C93sXXHp9HjLiFLHDUniupLtL1QgDAc20Gs6pXV
W3zoQtTr4Axwe9ZiLflcyc+BjPwQx4ipu/uR9ixljFbzAK76bQAU0HJifN6XxB3n
fywgf5NpvtLi+5RRFJ7wDfD9KDyCyYc+wTJIIZAvNAGnz8xAxjJgWWK4PQtA1g5r
No2/oUK2WN4sJU6KPFtOFR8L+nXDY5A9nbCWTaiq4GvolN/gYhCMqOuSB7Bsi4VM
AzelVRQPptj74yIXjxOt4bBOIIdT576bknAYpPna2nD+C3SVXpOuLaCKiQdLMbny
+1iiqJHDXUDDSGStkR57PrPpPQJM7XcnhhlL8ThyARRHeGakto5QjCTSKK85tGmn
OoO03QQRMp1nUPvfAzD1j7+nmHceFbpjGegCkSlMRYOq0oXOzHmd1k6LrvdexUeo
ULR9WmYnYErmXyUXwsYT
=FF3b
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 107-1] unbound security update
Next by Date: [SECURITY] [DLA 110-1] libyaml security update
Previous by thread: [SECURITY] [DLA 107-1] unbound security update
Next by thread: [SECURITY] [DLA 110-1] libyaml security update
Index(es):
- Date
- Thread