Bug 362101

Summary: CVE-2007-3999 krb5 RPC library buffer overflow [Fdevel]
Product: [Fedora] Fedora Reporter: Lubomir Kundrak <lkundrak>
Component: nfs-utils-libAssignee: Steve Dickson <steved>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: urgent    
Version: rawhideCC: thoger
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: nfs-utils-lib-1.1.0-4.fc9 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-05-07 16:17:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 250973    

Description Lubomir Kundrak 2007-11-01 16:40:09 UTC 
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).



[bug automatically created by: add-tracking-bugs]
Comment 1 Lubomir Kundrak 2007-11-09 15:41:09 UTC 
What prevents you from doing an update? Do you need help? Otherwise please
prepare an update as soon as possible.
Comment 2 Steve Dickson 2008-01-24 19:35:42 UTC 
Fixed in nfs-utils-lib-1.1.1-2.fc9
Comment 3 Lubomir Kundrak 2008-04-08 19:59:58 UTC 
Final Freeze is in effect now. Security fixes almost certainly warrant a freeze
break, so in case you build a fix for this, mail release engineering as
described here: [2]

[1] https://www.redhat.com/archives/fedora-devel-announce/2008-April/msg00007.html
[2] http://fedoraproject.org/wiki/ReleaseEngineering/FinalFreezePolicy

Thanks!
Comment 4 Tomas Hoger 2008-05-06 15:38:15 UTC 
(In reply to comment #2)
> Fixed in nfs-utils-lib-1.1.1-2.fc9

Was that fixed upstream in 1.1.1?  If so, this can probably be closed, as
nfs-utils-lib-1.1.1-3.fc9 is already tagged f9-final.
Comment 5 Tomas Hoger 2008-05-07 16:17:15 UTC 
This is fixed in nfs-utils-lib-1.1.0-4.fc9