Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » RHBA-2013:0068-01


Id RHBA-2013:0068-01
Name Red Hat 2013:0068-01 RHBA nfs-utils bug fix and enhancement update for RHEL 5 x86
Vendor Name red_hat
Product None
Content Type Recommended Recommended
Operating System(s) Linux 
Released On 07 Jan 2013 12:00:00


Red Hat 2013:0068-01 RHBA nfs-utils bug fix and enhancement update for RHEL 5 x86

Vendor Name




Released On

07 Jan 2013 12:00:00



The nfs-utils packages provide a daemon for the kernel Network File System (NFS) server, and related tools such as mount.nfs, umount.nfs, and showmount. This update fixes the following bugs: * After the ownership of the state directory is set to "rpcuser:rpcuser", the "rpc.statd" daemon drops its privileges. This led to a file access error when "rpc.statd" tried to unlink the backup directory at a later time. With this update, the ownership of the backup directory is set to be the same as the UID and GID of the "/var/lib/nfs/statd" directory. As a result, the problem no longer occurs. (BZ#782455) * Previously, in BZ#513094, the "noresvport option", which allows NFS clients to use insecure ports (ports above 1023), was added to the NFS server configuration options. Due to a regression, the umount tool was not interpreting the "resvport" and "noresvport" values correctly which in turn caused the unmount process to fail. With this update, the code has been improved to correctly handle the "resvport" and "noresvport" options and the umount tool now works as expected in the scenario described. The default is for NFS mounts to use reserved ports. (BZ#783147) * The NFS mount daemon allows a user to disable version 2 of the NFS protocol by changing the value of the "MOUNTD_NFS_V2" option in the "/etc/sysconfig/nfs" configuration file to "no". This setting also disables NFS version 1 and therefore NFS shares are mounted by the client with NFS version 3. Previously, the code for unmounting a shared file system from a server with such a configuration attempted to use NFS version 1 and failed with an error. This update applies a patch that addresses this issue so that shared file systems can now be unmounted as expected in the scenario described. (BZ#804681) This update also adds the following enhancement: * A timeout option, "-t, --timeout", has been added to the client side "rpc.gssd" daemon so that the administrator of an NFS client can specify a timeout period for expiry of the Kerberos GSS (General Security Services) share context cache in the kernel. After the timeout interval, "rpc.gssd" is consulted to create a new context. By default, the timeout value is "0", that is to say no timeout at all. This follows the previous behavior where the expiry of kernel GSS contexts is the same as the expiry of the Kerberos ticket used in its creation. (BZ#507341) All users of nfs-utils are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

Related Resources

Related Vulnerabilities


Related Patches


Superseded Patches


Last Updated: 27 May 2016 11:16:06