slackware-security]  nfs-utils off-by-one overflow fixed (SSA:2003-195-01)

New nfs-utils packages are available for Slackware 8.1, 9.0, and -current
to fix an off-by-one buffer overflow in xlog.c.  Thanks to Janusz
Niewiadomski for discovering and reporting this problem.

The CVE (Common Vulnerabilities and Exposures) Project has assigned the
identification number CAN-2003-0252 to this issue.

Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
iMon Jul 14 14:15:34 PDT 2003
patches/packages/nfs-utils-1.0.4-i386-1.tgz:  Upgraded to nfs-utils-1.0.4.
  This fixes an off-by-one buffer overflow in xlog.c which could be used
  by an attacker to produce a denial of NFS service, or to execute
  arbitrary code.  All sites providing NFS services should upgrade to
  this new package immediately.
  (* Security fix *)
+--------------------------+


WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated package for Slackware 8.1: 
 

Updated package for Slackware 9.0: 
 

Updated package for Slackware -current: 
 



MD5 SIGNATURES:
+-------------+

Slackware 8.1 package:
e6853189637bab81e7ba145ba3a401ae  nfs-utils-1.0.4-i386-1.tgz

Slackware 9.0 package:
92d45eeb49bade596c78c42b72af8807  nfs-utils-1.0.4-i386-1.tgz

Slackware -current package:
78ab9c34e3e01243626697d028a3ade2  nfs-utils-1.0.4-i486-1.tgz


INSTALLATION INSTRUCTIONS:
+------------------------+

First, if the NFS server is running, stop it:
. /etc/rc.d/rc.nfsd stop

Then upgrade using upgradepkg (as root):
upgradepkg nfs-utils-1.0.4-i386-1.tgz

Finally, restart NFS services:
. /etc/rc.d/rc.nfsd start



+-----+

Slackware Linux Security Team 
slackware
security@slackware.com

Slackware: nfs-utils denial of service vulnerability

July 15, 2003
This fixes an off-by-one buffer overflow in xlog.c which could be used by an attacker to produce a denial of NFS service, or to execute arbitrary code.

Summary

Here are the details from the Slackware 9.0 ChangeLog: iMon Jul 14 14:15:34 PDT 2003 patches/packages/nfs-utils-1.0.4-i386-1.tgz: Upgraded to nfs-utils-1.0.4. This fixes an off-by-one buffer overflow in xlog.c which could be used by an attacker to produce a denial of NFS service, or to execute arbitrary code. All sites providing NFS services should upgrade to this new package immediately. (* Security fix *) WHERE TO FIND THE NEW PACKAGES: Updated package for Slackware 8.1: Updated package for Slackware 9.0: Updated package for Slackware -current: MD5 SIGNATURES: Slackware 8.1 package: e6853189637bab81e7ba145ba3a401ae nfs-utils-1.0.4-i386-1.tgz Slackware 9.0 package: 92d45eeb49bade596c78c42b72af8807 nfs-utils-1.0.4-i386-1.tgz Slackware -current package: 78ab9c34e3e01243626697d028a3ade2 nfs-utils-1.0.4-i486-1.tgz INSTALLATION INSTRUCTIONS: First, if the NFS server is running, stop it: . /etc/rc.d/rc.nfsd stop Then upgrade using upgradepkg (as roo...

Where Find New Packages

MD5 Signatures

Severity
slackware-security] nfs-utils off-by-one overflow fixed (SSA:2003-195-01)
New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to fix an off-by-one buffer overflow in xlog.c. Thanks to Janusz Niewiadomski for discovering and reporting this problem.
The CVE (Common Vulnerabilities and Exposures) Project has assigned the identification number CAN-2003-0252 to this issue.

Installation Instructions

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved