- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2004-023
http://www.skolelinux.no/security/ Finn-Arne Johansen
December 12, 2004 debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------
Package : nfs-utils
Vulnerability : wrong signal handler
Problem-Type : remote
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-1014
DSA ID : DSA-606-1
SGI has discovered that rpc.statd from the nfs-utils package, the Network
Status Monitor, did not ignore the "SIGPIPE". Hence, a client prematurely
terminating the TCP connection could also terminate the server process.
We recommend that you upgrade your nfs-utils packages.
Upgrade Instructions
- --------------------
Make sure the line
deb http://security.debian.org/ stable/updates main contrib non-free
is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists.
Then run 'apt-get install nfs-utils nfs-kernel-server' to upgrade your
nfs-utils packages.
- --------------------------------------------------------------------------
Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org,
linuxiskolen@skolelinux.no, user@skolelinux.de,
admin-discuss@skolelinux.org
Package info: `apt-cache show <pkg>'
Attachment:
signature.asc
Description: Digital signature