Issued:: 2007-09-19
Updated:: 2007-09-19

RHSA-2007:0913 - Security Advisory

Overview
Updated Packages

Synopsis

Important: nfs-utils-lib security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated nfs-utils-lib package to correct a security flaw is now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The nfs-utils-lib package contains support libraries that are needed by the
commands and daemons of the nfs-utils package.

Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by nfs-utils-lib. A remote unauthenticated attacker who can
access an application linked against nfs-utils-lib could trigger this flaw
and cause the application to crash. On Red Hat Enterprise Linux 4 it is not
possible to exploit this flaw to run arbitrary code as the overflow is
blocked by FORTIFY_SOURCE. (CVE-2007-3999)

Users of nfs-utils-lib are advised to upgrade to this updated package,
which contains a backported patch that resolves this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

BZ - 250973 - CVE-2007-3999 krb5 RPC library buffer overflow

CVEs

CVE-2007-3999

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
nfs-utils-lib-1.0.6-8.z1.src.rpm	SHA-256: 69605464396fe124cf1098728560873278fb86dc10b8e317e415b4f69be665b4
x86_64
nfs-utils-lib-1.0.6-8.z1.x86_64.rpm	SHA-256: 90445d6dbcd69173259a9ea4b01cee93c643d30d7aa6ef708424345c68e7049c
nfs-utils-lib-1.0.6-8.z1.x86_64.rpm	SHA-256: 90445d6dbcd69173259a9ea4b01cee93c643d30d7aa6ef708424345c68e7049c
nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm	SHA-256: 73173a0573299353c30901b16e593d6954ffa53d0aa35b7ee17d9c4a0fadf568
nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm	SHA-256: 73173a0573299353c30901b16e593d6954ffa53d0aa35b7ee17d9c4a0fadf568
ia64
nfs-utils-lib-1.0.6-8.z1.ia64.rpm	SHA-256: d73ae5fab8b0937f3a617d31ca596d2bf8f56dec932a0a5718ff6d8736b6bab7
nfs-utils-lib-1.0.6-8.z1.ia64.rpm	SHA-256: d73ae5fab8b0937f3a617d31ca596d2bf8f56dec932a0a5718ff6d8736b6bab7
nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm	SHA-256: 3f89772e37af71247dcb59a0d21dc769a9f38f7d8f6f42328a97a3d74a8df383
nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm	SHA-256: 3f89772e37af71247dcb59a0d21dc769a9f38f7d8f6f42328a97a3d74a8df383
i386
nfs-utils-lib-1.0.6-8.z1.i386.rpm	SHA-256: 5ae1e99233cfdfa5898a7ba255ec65aab7ad164e6b6871c6fcacee1f207e2daa
nfs-utils-lib-1.0.6-8.z1.i386.rpm	SHA-256: 5ae1e99233cfdfa5898a7ba255ec65aab7ad164e6b6871c6fcacee1f207e2daa
nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm	SHA-256: 93180437ce99175432f706caf6d5f464705399348044f17465368d9afc20b575
nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm	SHA-256: 93180437ce99175432f706caf6d5f464705399348044f17465368d9afc20b575

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
nfs-utils-lib-1.0.6-8.z1.src.rpm	SHA-256: 69605464396fe124cf1098728560873278fb86dc10b8e317e415b4f69be665b4
x86_64
nfs-utils-lib-1.0.6-8.z1.x86_64.rpm	SHA-256: 90445d6dbcd69173259a9ea4b01cee93c643d30d7aa6ef708424345c68e7049c
nfs-utils-lib-1.0.6-8.z1.x86_64.rpm	SHA-256: 90445d6dbcd69173259a9ea4b01cee93c643d30d7aa6ef708424345c68e7049c
nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm	SHA-256: 73173a0573299353c30901b16e593d6954ffa53d0aa35b7ee17d9c4a0fadf568
nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm	SHA-256: 73173a0573299353c30901b16e593d6954ffa53d0aa35b7ee17d9c4a0fadf568
ia64
nfs-utils-lib-1.0.6-8.z1.ia64.rpm	SHA-256: d73ae5fab8b0937f3a617d31ca596d2bf8f56dec932a0a5718ff6d8736b6bab7
nfs-utils-lib-1.0.6-8.z1.ia64.rpm	SHA-256: d73ae5fab8b0937f3a617d31ca596d2bf8f56dec932a0a5718ff6d8736b6bab7
nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm	SHA-256: 3f89772e37af71247dcb59a0d21dc769a9f38f7d8f6f42328a97a3d74a8df383
nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm	SHA-256: 3f89772e37af71247dcb59a0d21dc769a9f38f7d8f6f42328a97a3d74a8df383
i386
nfs-utils-lib-1.0.6-8.z1.i386.rpm	SHA-256: 5ae1e99233cfdfa5898a7ba255ec65aab7ad164e6b6871c6fcacee1f207e2daa
nfs-utils-lib-1.0.6-8.z1.i386.rpm	SHA-256: 5ae1e99233cfdfa5898a7ba255ec65aab7ad164e6b6871c6fcacee1f207e2daa
nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm	SHA-256: 93180437ce99175432f706caf6d5f464705399348044f17465368d9afc20b575
nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm	SHA-256: 93180437ce99175432f706caf6d5f464705399348044f17465368d9afc20b575

Red Hat Enterprise Linux Workstation 4

SRPM
nfs-utils-lib-1.0.6-8.z1.src.rpm	SHA-256: 69605464396fe124cf1098728560873278fb86dc10b8e317e415b4f69be665b4
x86_64
nfs-utils-lib-1.0.6-8.z1.x86_64.rpm	SHA-256: 90445d6dbcd69173259a9ea4b01cee93c643d30d7aa6ef708424345c68e7049c
nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm	SHA-256: 73173a0573299353c30901b16e593d6954ffa53d0aa35b7ee17d9c4a0fadf568
ia64
nfs-utils-lib-1.0.6-8.z1.ia64.rpm	SHA-256: d73ae5fab8b0937f3a617d31ca596d2bf8f56dec932a0a5718ff6d8736b6bab7
nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm	SHA-256: 3f89772e37af71247dcb59a0d21dc769a9f38f7d8f6f42328a97a3d74a8df383
i386
nfs-utils-lib-1.0.6-8.z1.i386.rpm	SHA-256: 5ae1e99233cfdfa5898a7ba255ec65aab7ad164e6b6871c6fcacee1f207e2daa
nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm	SHA-256: 93180437ce99175432f706caf6d5f464705399348044f17465368d9afc20b575

Red Hat Enterprise Linux Desktop 4

SRPM
nfs-utils-lib-1.0.6-8.z1.src.rpm	SHA-256: 69605464396fe124cf1098728560873278fb86dc10b8e317e415b4f69be665b4
x86_64
nfs-utils-lib-1.0.6-8.z1.x86_64.rpm	SHA-256: 90445d6dbcd69173259a9ea4b01cee93c643d30d7aa6ef708424345c68e7049c
nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm	SHA-256: 73173a0573299353c30901b16e593d6954ffa53d0aa35b7ee17d9c4a0fadf568
i386
nfs-utils-lib-1.0.6-8.z1.i386.rpm	SHA-256: 5ae1e99233cfdfa5898a7ba255ec65aab7ad164e6b6871c6fcacee1f207e2daa
nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm	SHA-256: 93180437ce99175432f706caf6d5f464705399348044f17465368d9afc20b575

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
nfs-utils-lib-1.0.6-8.z1.src.rpm	SHA-256: 69605464396fe124cf1098728560873278fb86dc10b8e317e415b4f69be665b4
s390x
nfs-utils-lib-1.0.6-8.z1.s390x.rpm	SHA-256: b1e9d679251e214727934566161d53b3ae591ca5623885fa48a0ff51640d3c57
nfs-utils-lib-devel-1.0.6-8.z1.s390x.rpm	SHA-256: c73eb632ea8e9975695dc77e5d5b32eee5fa4a4a31a72794007605fd3da96acb
s390
nfs-utils-lib-1.0.6-8.z1.s390.rpm	SHA-256: 78a25f898f515dbd2d28e3428fe10214c493692cb8567e4bc343a616eda1e09f
nfs-utils-lib-devel-1.0.6-8.z1.s390.rpm	SHA-256: 64bf5c86b2c20d83c4ab3c89ee9196fcfe5c3dc30c51278d05c9848280667085

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
nfs-utils-lib-1.0.6-8.z1.src.rpm	SHA-256: 69605464396fe124cf1098728560873278fb86dc10b8e317e415b4f69be665b4
s390x
nfs-utils-lib-1.0.6-8.z1.s390x.rpm	SHA-256: b1e9d679251e214727934566161d53b3ae591ca5623885fa48a0ff51640d3c57
nfs-utils-lib-devel-1.0.6-8.z1.s390x.rpm	SHA-256: c73eb632ea8e9975695dc77e5d5b32eee5fa4a4a31a72794007605fd3da96acb
s390
nfs-utils-lib-1.0.6-8.z1.s390.rpm	SHA-256: 78a25f898f515dbd2d28e3428fe10214c493692cb8567e4bc343a616eda1e09f
nfs-utils-lib-devel-1.0.6-8.z1.s390.rpm	SHA-256: 64bf5c86b2c20d83c4ab3c89ee9196fcfe5c3dc30c51278d05c9848280667085

Red Hat Enterprise Linux for Power, big endian 4

SRPM
nfs-utils-lib-1.0.6-8.z1.src.rpm	SHA-256: 69605464396fe124cf1098728560873278fb86dc10b8e317e415b4f69be665b4
ppc
nfs-utils-lib-1.0.6-8.z1.ppc.rpm	SHA-256: 71a635a9ec007496c22ba6d26c78c0de821c8008ba57dafe80324bc410cd9d68
nfs-utils-lib-devel-1.0.6-8.z1.ppc.rpm	SHA-256: 7fe06b1fe615e99cfefe74195030817336781ba6098d33697dc885bd614d7e47

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
nfs-utils-lib-1.0.6-8.z1.src.rpm	SHA-256: 69605464396fe124cf1098728560873278fb86dc10b8e317e415b4f69be665b4
ppc
nfs-utils-lib-1.0.6-8.z1.ppc.rpm	SHA-256: 71a635a9ec007496c22ba6d26c78c0de821c8008ba57dafe80324bc410cd9d68
nfs-utils-lib-devel-1.0.6-8.z1.ppc.rpm	SHA-256: 7fe06b1fe615e99cfefe74195030817336781ba6098d33697dc885bd614d7e47

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation