Package: libnfsidmap Severity: important Tags: security Hi, a CVE was released for this package. CVE-2007-4135[0]: Unspecified vulnerability in the NFSv4 ID mapper (nfsidmap) on SUSE Linux Enterprise 10 has unspecified attack vectors and impact, involving the name to uid translation in NFSv4 name lookups.
Please include the CVE id in the changelog if you fix this bug. The CVE doesn't give much information, however I found the fixed source package from SuSE which includes libnfsidmap-0.12-nouser.patch which should fix this. You can get it on: http://ftp.opensuse.org/pub/opensuse/distribution/SL-10.1/inst-source/suse/src/nfsidmap-0.12-16.src.rpm and then extract it by doing rmp2cpio nfsidmap-0.12-16.src.rpm | cpio --extract [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4135 Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpOsIiMgHrQI.pgp
Description: PGP signature
