-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2007-4532 2007-12-15 17:51:02 --------------------------------------------------------------------------------
Name : autofs Product : Fedora 8 Version : 5.0.2 Release : 20 URL : http://wiki.autofs.net/ Summary : A tool for automatically mounting and unmounting filesystems Description : autofs is a daemon which automatically mounts filesystems when you use them, and unmounts them later when you are not using them. This can include network filesystems, CD-ROMs, floppies, and so forth. -------------------------------------------------------------------------------- ChangeLog: * Thu Dec 13 2007 Ian Kent <[EMAIL PROTECTED]> - 5.0.2-20 - Bug 409701: CVE-2007-5964 Privilege Escalation (from local system) through /net autofs mount configuration bug - use mount option "nosuid" for "-hosts" map unless "suid" is explicily specified. * Tue Nov 20 2007 Ian Kent <[EMAIL PROTECTED]> - 5.0.2-17 - fix schema selection in LDAP schema discovery. - check for "*" when looking up wildcard in LDAP. - fix couple of edge case parse fails of timeout option. - add SEARCH_BASE configuration option. - add random selection as a master map entry option. - re-read config on HUP signal. - add LDAP_URI, LDAP_TIMEOUT and LDAP_NETWORK_TIMEOUT configuration options. - fix deadlock in submount mount module. - fix lack of ferror() checking when reading files. - fix typo in autofs(5) man page. - fix map entry expansion when undefined macro is present. - remove unused export validation code. - add dynamic logging (adapted from v4 patch from Jeff Moyer). - fix recursive loopback mounts (Matthias Koenig). - add map re-load to verbose logging. - fix handling of LDAP base dns with spaces. - handle MTAB_NOTUPDATED status return from mount. - when default master map, auto.master, is used also check for auto_master. - update negative mount timeout handling. - fix large group handling (Ryan Thomas). - fix for dynamic logging breaking non-sasl build (Guillaume Rousse). - eliminate NULL proc ping for singleton host or local mounts. -------------------------------------------------------------------------------- References: [ 1 ] Bug #409701 - CVE-2007-5964 Privilege Escalation (from local system) through /net autofs mount configuration bug https://bugzilla.redhat.com/show_bug.cgi?id=409701 -------------------------------------------------------------------------------- Updated packages: 4fc0785a999c423a2a11bc672daf94a8a50e151d autofs-5.0.2-20.ppc64.rpm 2d612eb0a7b23a40d4b59ebd940ddfb317ff1244 autofs-debuginfo-5.0.2-20.ppc64.rpm 45bc2344d12e15a79754cb3466380db170025fc8 autofs-5.0.2-20.i386.rpm 031e338c0e88eeb8209a5d08d2800c5145bdda16 autofs-debuginfo-5.0.2-20.i386.rpm 9eace023fd6c99c5cd72977fd48df099d86d7922 autofs-debuginfo-5.0.2-20.x86_64.rpm f52982ba06c755f070d054f75399ec5a329d97bd autofs-5.0.2-20.x86_64.rpm e4c9717cad79ba9fe16a58ae461e50eb9e691747 autofs-debuginfo-5.0.2-20.ppc.rpm f5ac7bc352deedca0e31b91efb41186631eff879 autofs-5.0.2-20.ppc.rpm eabd008808d8015a01e3a76d95f3aef5c47783c9 autofs-5.0.2-20.src.rpm This update can be installed with the "yum" update program. Use su -c 'yum update autofs' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce