[SECURITY] [DLA 108-1] nfs-utils security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : nfs-utils
Version : 1:1.2.2-4squeeze3
CVE ID : CVE-2012-3541
In the past, rpc.statd posted SM_NOTIFY requests using the same socket it
used for sending downcalls to the kernel. To receive replies from remote
hosts, the socket was bound to INADDR_ANY. To prevent unwanted data
injection, bind this socket to the loopback address.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJUjCQ3XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHw6QP/3CN8EW1Plf0Rb0o77QfuXAo
Ct8imInk0pYgwBagS7smS2Qv7qTdHR16P5yObiX2CpVovZ86txmjHSY+P4Nn5kuE
tEzvs02w6nB0InqpwwYOwd8B6iOBjhHICFXZhsYE+C6vYLh/zkO+gCArQRgDrclB
YXPXhlLshA78RmsUpzFcmYNUmzClpPZ96izIF14SdoTrtTbtIFe4MM1XUvt1LH7e
6MjWWBsdn59swFByPaYkIRBg4C93sXXHp9HjLiFLHDUniupLtL1QgDAc20Gs6pXV
W3zoQtTr4Axwe9ZiLflcyc+BjPwQx4ipu/uR9ixljFbzAK76bQAU0HJifN6XxB3n
fywgf5NpvtLi+5RRFJ7wDfD9KDyCyYc+wTJIIZAvNAGnz8xAxjJgWWK4PQtA1g5r
No2/oUK2WN4sJU6KPFtOFR8L+nXDY5A9nbCWTaiq4GvolN/gYhCMqOuSB7Bsi4VM
AzelVRQPptj74yIXjxOt4bBOIIdT576bknAYpPna2nD+C3SVXpOuLaCKiQdLMbny
+1iiqJHDXUDDSGStkR57PrPpPQJM7XcnhhlL8ThyARRHeGakto5QjCTSKK85tGmn
OoO03QQRMp1nUPvfAzD1j7+nmHceFbpjGegCkSlMRYOq0oXOzHmd1k6LrvdexUeo
ULR9WmYnYErmXyUXwsYT
=FF3b
-----END PGP SIGNATURE-----
Reply to: