Control: severity -1 serious

On Tue 16 May 2023 19:20:23 CEST, Michael Kiermaier wrote:
> I consider this bug quite severe as it may break working setups after an update.
>
> The corresponding bug report for Ubuntu might be this one:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034261
>
> It is the same bug reported on the autofs mailing list here:
> https://www.spinics.net/lists/autofs/msg02389.html
>
> Apparently, it has been introduced in the transition of autofs from 5.1.7 to 5.1.8.
>
> A fix has been posted here:
> https://www.spinics.net/lists/autofs/msg02391.html
> and again
> https://www.spinics.net/lists/autofs/msg02434.html

I share your view on this, thus bumping severity. The security team asked me to get the proposed patch into bookworm before the release.

This patch will need to be applied to Debian's version of autofs:

https://mirrors.edge.kernel.org/pub/linux/daemons/autofs/v5/patches-5.1.9/autofs-5.1.8-fix-nfsv4-only-mounts-should-not-use-rpcbind.patch
https://git.kernel.org/pub/scm/linux/storage/autofs/autofs.git/commit/?id=80845bbcbc264f19c6c6a81d680e1f2b1ea6d3cc

I will work on this tomorrow.

Mike
--
DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: [email protected], http://das-netzwerkteam.de

