nfs-utils as built in Fedora 9 and 10 is not built with TCP wrappers support. This means that anyone trying to protect their NFS service via TCP wrappers will not be protected as they would expect. Also the code that will be enabled does not work when hostnames are added to /etc/hosts.deny. The code only works with IP address. -
Created attachment 327813 [details] Proposed Fedora 9 and 10 patch
nfs-utils-1.1.4-6.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/nfs-utils-1.1.4-6.fc10
nfs-utils-1.1.2-9.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/nfs-utils-1.1.2-9.fc9
nfs-utils-1.1.4-6.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update nfs-utils'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-0266
nfs-utils-1.1.2-9.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing-newkey update nfs-utils'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2009-0297
nfs-utils-1.1.4-6.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
nfs-utils-1.1.2-9.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
MITRE has assigned this bug CVE-2009-0180. It's really the same as CVE-2008-1376.