An updated redhat-config-nfs package that fixes bugs and potential security issues is now available for Red Hat Enterprise Linux 3.

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated redhat-config-nfs package resolves several security issues
Advisory ID:       RHSA-2004:434-01
Issue date:        2004-09-22
Updated on:        2004-09-22
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0750
---------------------------------------------------------------------

1. Summary:

An updated redhat-config-nfs package that fixes bugs and potential security
issues is now available for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch

3. Problem description:

The redhat-config-nfs package includes a graphical user interface for
creating, modifying, and deleting nfs shares.

John Buswell discovered a flaw in redhat-config-nfs that could lead to
incorrect permissions on exported shares when exporting to multiple
hosts.  This could cause an option such as "all_squash" to not be
applied to all of the listed hosts.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0750 to
this issue.

Additionally, a bug was found that prevented redhat-config-nfs from being
run if hosts didn't have options set in /etc/exports.

All users of redhat-config-nfs are advised to upgrade to these updated
packages as well as checking their NFS shares directly or via the
/etc/exports file for any incorrectly set options.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

     https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed  (http://bugzilla.redhat.com/ for more info):

107997 - CAN-2004-0750 [PATCH] /etc/exports has incorrect syntax for multiple hosts with a single mount point

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: 

8ad0200a16439ba6341703e277b6edc0  redhat-config-nfs-1.0.13-6.src.rpm

noarch:
ddea963341fba763c3bd428f16c8fede  redhat-config-nfs-1.0.13-6.noarch.rpm

Red Hat Desktop version 3:

SRPMS: 

8ad0200a16439ba6341703e277b6edc0  redhat-config-nfs-1.0.13-6.src.rpm

noarch:
ddea963341fba763c3bd428f16c8fede  redhat-config-nfs-1.0.13-6.noarch.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: 

8ad0200a16439ba6341703e277b6edc0  redhat-config-nfs-1.0.13-6.src.rpm

noarch:
ddea963341fba763c3bd428f16c8fede  redhat-config-nfs-1.0.13-6.noarch.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: 

8ad0200a16439ba6341703e277b6edc0  redhat-config-nfs-1.0.13-6.src.rpm

noarch:
ddea963341fba763c3bd428f16c8fede  redhat-config-nfs-1.0.13-6.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
 

7. References:
 
CVE -CVE-2004-0750

8. Contact:

The Red Hat security contact is <This email address is being protected from spambots. You need JavaScript enabled to view it.>.  More contact
details at  

Copyright 2004 Red Hat, Inc.