이 콘텐츠는 선택한 언어로 제공되지 않습니다.
1.153. nfs-utils
1.153.1. RHSA-2009:1321: Low security and bug fix update
An updated nfs-utils package that fixes a security issue and several bugs is now available.
This update has been rated as having low security impact by the Red Hat Security Response Team.
The nfs-utils package provides a daemon for the kernel NFS server and related tools.
It was discovered that nfs-utils did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. (CVE-2008-4552)
This updated package also fixes the following bugs:
- the "LOCKD_TCPPORT" and "LOCKD_UDPPORT" options in "/etc/sysconfig/nfs" were not honored: the lockd daemon continued to use random ports. With this update, these options are honored. (BZ#434795)
- it was not possible to mount NFS file systems from a system that has the "/etc/" directory mounted on a read-only file system (this could occur on systems with an NFS-mounted root file system). With this update, it is possible to mount NFS file systems from a system that has "/etc/" mounted on a read-only file system. (BZ#450646)
- arguments specified by "STATDARG=" in "/etc/sysconfig/nfs" were removed by the nfslock init script, meaning the arguments specified were never passed to rpc.statd. With this update, the nfslock init script no longer removes these arguments. (BZ#459591)
- when mounting an NFS file system from a host not specified in the NFS server's "/etc/exports" file, a misleading "unknown host" error was logged on the server (the hostname lookup did not fail). With this update, a clearer error message is provided for these situations. (BZ#463578)
- the nhfsstone benchmark utility did not work with NFS version 3 and 4. This update adds support to nhfsstone for NFS version 3 and 4. The new nhfsstone "-2", "-3", and "-4" options are used to select an NFS version (similar to nfsstat(8)). (BZ#465933)
- the exportfs(8) manual page contained a spelling mistake, "djando", in the EXAMPLES section. (BZ#474848)
- in some situations the NFS server incorrectly refused mounts to hosts that had a host alias in a NIS netgroup. (BZ#478952)
- in some situations the NFS client used its cache, rather than using the latest version of a file or directory from a given export. This update adds a new mount option, "lookupcache=", which allows the NFS client to control how it caches files and directories. Note: The Red Hat Enterprise Linux 5.4 kernel update (the fourth regular update) must be installed in order to use the "lookupcache=" option. Also, "lookupcache=" is currently only available for NFS version 3. Support for NFS version 4 may be introduced in future Red Hat Enterprise Linux 5 updates. Refer to Red Hat Bugzilla #511312 for further information. (BZ#489335)
Users of nfs-utils should upgrade to this updated package, which contains backported patches to correct these issues. After installing this update, the nfs service will be restarted automatically.
