[ubuntu/xenial-security] nfs-utils 1:1.2.8-9ubuntu12.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jun 22 13:28:34 UTC 2020
nfs-utils (1:1.2.8-9ubuntu12.3) xenial-security; urgency=medium
* SECURITY UPDATE: privilege escalation via directory permissions
- debian/patches/CVE-2019-3689.patch: take user-id from
/var/lib/nfs/sm in support/nsm/file.c, utils/statd/sm-notify.man,
utils/statd/statd.man.
- debian/nfs-common.postinst: don't make /var/lib/nfs owned by statd.
- CVE-2019-3689
Date: 2020-06-09 12:53:23.067192+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/nfs-utils/1:1.2.8-9ubuntu12.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list