---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-152904
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152904
2006-03-28
---------------------------------------------------------------------

Name        : ncpfs
Versions    : rh73: ncpfs-2.2.0.18-6.1.legacy
Versions    : rh9: ncpfs-2.2.1-1.1.legacy
Versions    : fc1: ncpfs-2.2.3-1.1.legacy
Versions    : fc2: ncpfs-2.2.4-1.1.legacy
Versions    : fc3: ncpfs-2.2.4-5.FC3.1.legacy
Summary     : Utilities for the ncpfs filesystem, a NetWare client.
Description :
Ncpfs is a filesystem which understands the Novell NetWare(TM) NCP
protocol. Functionally, NCP is used for NetWare the way NFS is used in
the TCP/IP world. For a Linux system to mount a NetWare filesystem, it
needs a special mount program. The ncpfs package contains such a mount
program plus other tools for configuring and using the ncpfs
filesystem.

---------------------------------------------------------------------
Update Information:

An updated ncpfs package is now available.

Ncpfs is a file system that understands the Novell NetWare(TM) NCP
protocol.

Buffer overflows were found in the nwclient program. An attacker, using
a long -T option, could possibly execute arbitrary code and gain
privileges. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-1079 to this issue.

A bug was found in the way ncpfs handled file permissions. ncpfs did not
sufficiently check if the file owner matched the user attempting to
access the file, potentially violating the file permissions. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0013 to this issue.

A buffer overflow was found in the ncplogin program. A remote malicious
NetWare server could execute arbitrary code on a victim's machine. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0014 to this issue.

All users of ncpfs are advised to upgrade to this updated package, which
contains backported fixes for these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Fri Mar 10 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.2.0.18-6.1.legacy
- fixed getuid security bug CVE-2005-0013

rh9:
* Fri Mar 10 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.2.1-1.1.legacy
- Added patches for CVE-2004-1079, CVE-2005-0013 and CVE-2005-0014

fc1:
* Sat Mar 11 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.2.3-1.1.legacy
- Added patches for CVE-2004-1079, CVE-2005-0013 and CVE-2005-0014

fc2:
* Sat Mar 11 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.2.4-1.1.legacy
- Added patches for CVE-2004-1079, CVE-2005-0013 and CVE-2005-0014

fc3:
* Sat Mar 11 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.2.4-5.FC3.1.legacy
- Added missing part of CVE-2005-0013 fix

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/

---------------------------------------------------------------------

Please test and comment in bugzilla.
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
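
A check one might run over a package inventory, added here as an example and not part of the Fedora Legacy advisory: it compares installed ncpfs version-release strings with the fixed builds listed in the advisory, using a simplified reimplementation of rpm's version ordering. The host names and inventory are constructed, and the comparison assumes no epoch and no tilde or caret in the version strings.

```python
import re

# Fixed version-release per distribution, copied from the advisory.
FIXED = {
    "rh73": "2.2.0.18-6.1.legacy",
    "rh9": "2.2.1-1.1.legacy",
    "fc1": "2.2.3-1.1.legacy",
    "fc2": "2.2.4-1.1.legacy",
    "fc3": "2.2.4-5.FC3.1.legacy",
}

def rpmvercmp(a, b):
    """Order two version (or release) strings as rpm does: -1, 0 or 1."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def is_patched(dist, installed_vr):
    """True if the installed 'version-release' is at or above the fixed build."""
    fixed_v, fixed_r = FIXED[dist].split("-", 1)
    inst_v, inst_r = installed_vr.split("-", 1)
    return (rpmvercmp(inst_v, fixed_v) or rpmvercmp(inst_r, fixed_r)) >= 0

# Constructed inventory: (host, distribution, value printed by
# rpm -q --qf '%{VERSION}-%{RELEASE}\n' ncpfs). Host names are hypothetical.
INVENTORY = [
    ("host-a", "rh73", "2.2.0.18-6"),
    ("host-b", "rh9", "2.2.1-1.1.legacy"),
    ("host-c", "fc3", "2.2.4-5"),
    ("host-d", "fc3", "2.2.4-5.FC3.1.legacy"),
    ("host-e", "fc2", "2.2.4-1"),
]

def unpatched(inventory):
    """Hosts whose ncpfs build predates the advisory's fixed build."""
    return [host for host, dist, vr in inventory if not is_patched(dist, vr)]

if __name__ == "__main__":
    print(unpatched(INVENTORY))
```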