Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: pu
Hi This version fixes a security issue which the Security Team evaluated as not warranting a DSA. Attached the diff of the proposed upload. Cheers Luk
diff -Nru nfs-utils-1.2.2/debian/changelog nfs-utils-1.2.2/debian/changelog
--- nfs-utils-1.2.2/debian/changelog 2011-10-26 09:00:28.000000000 +0200
+++ nfs-utils-1.2.2/debian/changelog 2011-12-30 18:59:58.000000000 +0100
@@ -1,3 +1,9 @@
+nfs-utils (1:1.2.2-4squeeze2) stable; urgency=high
+
+ * Fix CVE-2011-1749: Avoid leaving a corrupt mtab file (Closes: #629420)
+
+ -- Luk Claes <l...@debian.org> Fri, 30 Dec 2011 18:58:07 +0100
+
 nfs-utils (1:1.2.2-4squeeze1) stable; urgency=low
 
 * Build with patch d6c1b35c6b40243bfd6fba2591c9f8f2653078c0 from upstream
diff -Nru nfs-utils-1.2.2/debian/patches/17-fix-CVE-2011-1749.patch nfs-utils-1.2.2/debian/patches/17-fix-CVE-2011-1749.patch
--- nfs-utils-1.2.2/debian/patches/17-fix-CVE-2011-1749.patch 1970-01-01 01:00:00.000000000 +0100
+++ nfs-utils-1.2.2/debian/patches/17-fix-CVE-2011-1749.patch 2011-12-30 18:57:28.000000000 +0100
@@ -0,0 +1,56 @@
+From: NeilBrown <ne...@suse.de>
+Date: Mon, 23 May 2011 12:19:57 +0000 (-0400)
+Subject: Remove risk of nfs_addmntent corrupting mtab
+X-Git-Tag: nfs-utils-1-2-4-rc9~11
+X-Git-Url: http://git.linux-nfs.org/?p=steved%2Fnfs-utils.git;a=commitdiff_plain;h=7a802337bfc92d0b30fe94dbd0fa231990a26161
+
+Remove risk of nfs_addmntent corrupting mtab
+
+nfs_addmntent is used to append directly to /etc/mtab.
+If the write partially fail, e.g. due to RLIMIT_FSIZE,
+truncate back to original size and return an error.
+
+See also https://bugzilla.redhat.com/show_bug.cgi?id=697975
+(CVE-2011-1749) CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
+
+Signed-off-by: NeilBrown <ne...@suse.de>
+Signed-off-by: Steve Dickson <ste...@redhat.com>
+---
+
+diff --git a/support/nfs/nfs_mntent.c b/support/nfs/nfs_mntent.c
+index a5216fc..a2118a2 100644
+--- a/support/nfs/nfs_mntent.c
++++ b/support/nfs/nfs_mntent.c
+@@ -12,6 +12,7 @@
+ #include <string.h> /* for index */
+ #include <ctype.h> /* for isdigit */
+ #include <sys/stat.h> /* for umask */
++#include <unistd.h> /* for ftruncate */
+
+ #include "nfs_mntent.h"
+ #include "nls.h"
+@@ -127,9 +128,11 @@ int
+ nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
+ char *m1, *m2, *m3, *m4;
+ int res;
++ off_t length;
+
+ if (fseek (mfp->mntent_fp, 0, SEEK_END))
+ return 1; /* failure */
++ length = ftell(mfp->mntent_fp);
+
+ m1 = mangle(mnt->mnt_fsname);
+ m2 = mangle(mnt->mnt_dir);
+@@ -143,6 +146,12 @@ nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
+ free(m2);
+ free(m3);
+ free(m4);
++ if (res >= 0) {
++ res = fflush(mfp->mntent_fp);
++ if (res < 0)
++ /* Avoid leaving a corrupt mtab file */
++ ftruncate(fileno(mfp->mntent_fp), length);
++ }
+ return (res < 0) ? 1 : 0;
+ }
+
diff -Nru nfs-utils-1.2.2/debian/patches/series nfs-utils-1.2.2/debian/patches/series
--- nfs-utils-1.2.2/debian/patches/series 2011-10-26 08:50:31.000000000 +0200
+++ nfs-utils-1.2.2/debian/patches/series 2011-12-30 18:57:46.000000000 +0100
@@ -8,3 +8,4 @@
 14-allow-address-without-name.patch
 15-mountd-fix-path-comparison-for-v4-crossmnt.patch
 16-negotiate-des-only.patch
+17-fix-CVE-2011-1749.patch
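Review bot: The rollback in the last hunk of the embedded nfs_mntent.c patch runs only when the earlier write reported success and `fflush` then fails; if `res` is already negative on reaching the new `if (res >= 0)` block (presumably from the formatted write, which lies outside the hunk), a partially written entry stays in mtab untruncated. The `ftell` result is stored in `length` without a check for -1, and the `ftruncate` return value is discarded, so a failed rollback goes unreported. Consider truncating on any failure, e.g. `if (res >= 0) res = fflush(mfp->mntent_fp);` followed by `if (res < 0 && length >= 0 && ftruncate(fileno(mfp->mntent_fp), length) < 0)` with a diagnostic in the body, and `return 1;` right after `ftell` when it yields a negative value. Separately, exceeding RLIMIT_FSIZE raises SIGXFSZ by default, so this error path is only reached if the caller ignores or handles that signal, which these hunks do not show and is worth confirming before relying on the fix.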