Low: quota security and bug fix update
Date: Wed, 16 Jan 2013 16:10:14 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Security ERRATA Low: quota on SL5.x i386/x86_64
Synopsis: Low: quota security and bug fix update
Issue Date: 2013-01-08
CVE Numbers: CVE-2012-3417
--
It was discovered that the rpc.rquotad service did not use tcp_wrappers
correctly. Certain hosts access rules defined in "/etc/hosts.allow" and
"/etc/hosts.deny" may not have been honored, possibly allowing remote
attackers to bypass intended access restrictions. (CVE-2012-3417)
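
An added example, not part of the original advisory: a Python helper that lists the "/etc/hosts.allow" and "/etc/hosts.deny" rules that apply to rpc.rquotad, so they can be re-verified once the update is installed. It assumes the daemon name given to tcp_wrappers is "rquotad"; the sample files are constructed, and all function names are hypothetical.

```python
import re

DAEMON = "rquotad"  # assumption: name rpc.rquotad passes to tcp_wrappers

def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blanks."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def tokens(field):
    """Split a daemon_list or client_list on whitespace and commas."""
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]

def names(daemon, toks):
    """True if any daemon_list token (ALL, name, name@host) names the daemon."""
    return any(t.split("@", 1)[0] in ("ALL", daemon) for t in toks)

def covers(daemon_list, daemon):
    """Evaluate 'list' or 'list EXCEPT list' (nested EXCEPT is not handled)."""
    toks = tokens(daemon_list)
    if "EXCEPT" in toks:
        i = toks.index("EXCEPT")
        return names(daemon, toks[:i]) and not names(daemon, toks[i + 1:])
    return names(daemon, toks)

def rules_for(text, daemon=DAEMON):
    """Return the client list of every rule that applies to the daemon."""
    found = []
    for line in logical_lines(text):
        # Split on ':' field separators, but not on colons inside [IPv6].
        fields = re.split(r":(?![^\[]*\])", line, maxsplit=2)
        if len(fields) >= 2 and covers(fields[0], daemon):
            found.append(tokens(fields[1]))
    return found

# Constructed sample files, not taken from a real host.
HOSTS_ALLOW = r"""
# constructed sample
sshd : ALL
rquotad, mountd : 192.0.2.0/255.255.255.0 \
    [2001:db8::]/64
ALL EXCEPT rquotad : .example.org
"""
HOSTS_DENY = "ALL : ALL\n"

if __name__ == "__main__":
    for label, text in (("allow", HOSTS_ALLOW), ("deny", HOSTS_DENY)):
        for clients in rules_for(text):
            print(label, DAEMON, "<-", " ".join(clients))
```

On a real host, pass the contents of the two files to rules_for() and test each listed client rule against the updated service.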
This update also fixes the following bugs:
* Prior to this update, values were not properly transported via the remote
procedure call (RPC) and interpreted by the client when querying the quota
usage or limits for network-mounted file systems if the quota values
were 2^32 kilobytes or greater. As a consequence, the client reported
mangled values.
This update modifies the underlying code so that such values are correctly
interpreted by the client.
* Prior to this update, warnquota sent messages about exceeded quota limits
from a valid domain name if the warnquota tool was enabled to send warning
e-mails and the superuser did not change the default warnquota
configuration. As a consequence, the recipient could reply to invalid
addresses. This update
modifies the default warnquota configuration to use the reserved
.
domain. Now, warnings about exceeded quota limits are sent from the reserved
domain that inform the superuser to change to the correct value.
* Previously, quota utilities could not recognize the file system as having
quotas enabled and refused to operate on it due to incorrect updating of
/etc/mtab. This update prefers /proc/mounts to get a list of file
systems with enabled quotas. Now, quota utilities recognize file systems
with enabled quotas as expected.
* Prior to this update, the setquota(8) tool on XFS file systems failed
to set disk limits to values greater than 2^31 kilobytes. This update
modifies the integer conversion in the setquota(8) tool to use a 64-bit
variable big enough to store such values.
--
SL5
x86_64
quota-3.13-8.el5.x86_64.rpm
quota-debuginfo-3.13-8.el5.x86_64.rpm
i386
quota-3.13-8.el5.i386.rpm
quota-debuginfo-3.13-8.el5.i386.rpm
- Scientific Linux Development Team