[ubuntu/groovy-proposed] nfs-utils 1:1.3.4-2.5ubuntu5 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Jun 30 12:58:11 UTC 2020
nfs-utils (1:1.3.4-2.5ubuntu5) groovy; urgency=medium
* SECURITY UPDATE: privilege escalation via directory permissions
- debian/patches/CVE-2019-3689.patch: take user-id from
/var/lib/nfs/sm in support/nsm/file.c, utils/statd/sm-notify.man,
utils/statd/statd.man.
- debian/nfs-common.postinst: don't make /var/lib/nfs owned by statd.
- CVE-2019-3689
Date: Wed, 17 Jun 2020 08:42:59 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/nfs-utils/1:1.3.4-2.5ubuntu5
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 Jun 2020 08:42:59 -0400
Source: nfs-utils
Architecture: source
Version: 1:1.3.4-2.5ubuntu5
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
nfs-utils (1:1.3.4-2.5ubuntu5) groovy; urgency=medium
.
* SECURITY UPDATE: privilege escalation via directory permissions
- debian/patches/CVE-2019-3689.patch: take user-id from
/var/lib/nfs/sm in support/nsm/file.c, utils/statd/sm-notify.man,
utils/statd/statd.man.
- debian/nfs-common.postinst: don't make /var/lib/nfs owned by statd.
- CVE-2019-3689
Checksums-Sha1:
8ec76b12678fecc3dcf34d93239109c51bf53ea3 2435 nfs-utils_1.3.4-2.5ubuntu5.dsc
02b7d0498f622fca3f92417eeeee7f72813ae00f 62580 nfs-utils_1.3.4-2.5ubuntu5.debian.tar.xz
6e86341ed0d4d30fbbe86b746f64890e41d1e416 7928 nfs-utils_1.3.4-2.5ubuntu5_source.buildinfo
Checksums-Sha256:
14435807dea25d4df337b4d78fbedeb5929de617d19d6eec45aa26fdefc4de00 2435 nfs-utils_1.3.4-2.5ubuntu5.dsc
b5fe5d0d2429cbeb6ee69b435fb7ccd184b325082fa9655c67c71b2382e9a2f3 62580 nfs-utils_1.3.4-2.5ubuntu5.debian.tar.xz
2689efb77cf6211bf27d1f4aadcc63880e3df633df4d8baf15c3d7fdba32f29c 7928 nfs-utils_1.3.4-2.5ubuntu5_source.buildinfo
Files:
c3d309e4c95aa696eb342a735173fe00 2435 net optional nfs-utils_1.3.4-2.5ubuntu5.dsc
b7a77e99a7dba6a9e39f32b80ea1432c 62580 net optional nfs-utils_1.3.4-2.5ubuntu5.debian.tar.xz
6e39125314fd002b0c87f4ba2ad46fae 7928 net optional nfs-utils_1.3.4-2.5ubuntu5_source.buildinfo
Original-Maintainer: Debian kernel team <debian-kernel at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl77NmoACgkQZWnYVadE
vpOb+A//bKNC/2HRvHRY2/F9AoGJPkR6eT0GXSW0cm+JuALzkXKAsUL2VFGewuFx
CjG/MWgVUjEYF0Mr0p/EpsK6Il76k6xSqk7U7tHav7awDUmcCFNDmrseN24mtBHH
RlzuRk3ui6GW3PZh0ybFhDew0/leBCDNRSH6vUatWJPHmgYDIzDk/Xsai9OPNIZb
q7U+R3cD4SdxzZttsUVi0RX5V1U/8UgQTKxwufyDgsWEMMXEys8ng+x8wqJ2lx1O
URZzfzfZqRSCWE+1hMtglimgpcnQnPfFzsWezgEVNuFiDWkdPrc1v5Douwx/tf98
f8gwFjxJBsLKNtXeYtRHJ6MqkFqvj+P+tnKtYQ5Cv/ibiprn1estF176na7ftcP/
WRoDLz1s1sXzp+hx/SO2568rwClGOiEEvmTF2NbP7Y0rhF0ZK0Grj9DBYucTOSRJ
KRByBsNY0jQFRfu1qbCeSkfnDB7keCz+m6Embw+xTELenabdpjkpglxw7RXx3Mhy
z0EJxK7mlnKs9xQNKrh7GAqXjcc3A8926d4Mra4IxbItS2pId5FsMf9VQQDBnrmO
boCS1Bkmm/b+pMcH8SsCN5FGWWVYGs7o96A1ZmfyVDHY6T354wzvDlbG6JG7OX8X
3N5uf0o0aJ+Wym3FmMk8rxb7XV7fSm7pWy6NnOeAuE2e74lQle8=
=wNPk
-----END PGP SIGNATURE-----
More information about the Groovy-changes
mailing list