openSUSE Security Update: nfs-utils ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:0747-1 Rating: moderate References: #689799 #693189 #701702 Cross-References: CVE-2011-1749 CVE-2011-2500 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update fixes the following security issues: When using wildcards in /etc/exports an attacker could gain unauthorized access to an nfs exported filesystem by creating a DNS record that resolves to the attacker's IP as well as to a trusted IP (CVE-2011-2500). mount.nfs could corrupt /etc/mtab (CVE-2011-1749). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch nfs-client-4831 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): nfs-client-1.2.3-11.16.1 nfs-doc-1.2.3-11.16.1 nfs-kernel-server-1.2.3-11.16.1 References: http://support.novell.com/security/cve/CVE-2011-1749.html http://support.novell.com/security/cve/CVE-2011-2500.html https://bugzilla.novell.com/689799 https://bugzilla.novell.com/693189 https://bugzilla.novell.com/701702