Bug 18922

Summary: util-linux new security issue CVE-2016-5011
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/694627/
Whiteboard: has_procedure mga5-64-ok advisory
Source RPM: util-linux-2.25.2-3.2.mga5.src.rpm CVE:
Status comment:

Description David Walser 2016-07-11 13:45:04 CEST 
A security issue fixed upstream in util-linux has been announced today (July 11):
http://openwall.com/lists/oss-security/2016/07/11/2

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated util-linux packages fix security vulnerability:

The util-linux libblkid is vulnerable to a Denial of Service attack during
MSDOS partition table parsing, in the extended partition boot record (EBR).
If the next EBR starts at relative offset 0, parse_dos_extended() will loop
until running out of memory. An attacker could install a specially crafted
MSDOS partition table in a storage device and trick a user into using it.
This library is used, among others, by systemd-udevd daemon (CVE-2016-5011).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011
http://openwall.com/lists/oss-security/2016/07/11/2
========================

Updated packages in core/updates_testing:
========================
util-linux-2.25.2-3.3.mga5
libblkid1-2.25.2-3.3.mga5
libblkid-devel-2.25.2-3.3.mga5
libuuid1-2.25.2-3.3.mga5
libuuid-devel-2.25.2-3.3.mga5
uuidd-2.25.2-3.3.mga5
python-libmount-2.25.2-3.3.mga5
libmount1-2.25.2-3.3.mga5
libmount-devel-2.25.2-3.3.mga5
libsmartcols1-2.25.2-3.3.mga5
libsmartcols-devel-2.25.2-3.3.mga5

from util-linux-2.25.2-3.3.mga5.src.rpm
Comment 1 David Walser 2016-07-12 17:33:14 CEST 
The initial fix was incomplete:
http://openwall.com/lists/oss-security/2016/07/12/6

Second patch added and packages rebuilt.

Updated packages in core/updates_testing:
========================
util-linux-2.25.2-3.4.mga5
libblkid1-2.25.2-3.4.mga5
libblkid-devel-2.25.2-3.4.mga5
libuuid1-2.25.2-3.4.mga5
libuuid-devel-2.25.2-3.4.mga5
uuidd-2.25.2-3.4.mga5
python-libmount-2.25.2-3.4.mga5
libmount1-2.25.2-3.4.mga5
libmount-devel-2.25.2-3.4.mga5
libsmartcols1-2.25.2-3.4.mga5
libsmartcols-devel-2.25.2-3.4.mga5

from util-linux-2.25.2-3.4.mga5.src.rpm
Comment 2 claire robinson 2016-07-14 18:10:51 CEST 
Testing complete mga5 64

Checked rpmdiff on madb, numerous patches applied.

# urpmi util-linux lib64blkid1 lib64uuid1 uuidd python-libmount lib64mount1 lib64smartcols1
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch    
(medium "Core Updates Testing")
  lib64blkid-devel               2.25.2       3.4.mga5      x86_64  
  lib64blkid1                    2.25.2       3.4.mga5      x86_64  
  lib64mount1                    2.25.2       3.4.mga5      x86_64  
  lib64smartcols1                2.25.2       3.4.mga5      x86_64  
  lib64uuid1                     2.25.2       3.4.mga5      x86_64  
  python-libmount                2.25.2       3.4.mga5      x86_64  
  util-linux                     2.25.2       3.4.mga5      x86_64  
  uuidd                          2.25.2       3.4.mga5      x86_64  
124KB of additional disk space will be used.
2.1MB of packages will be retrieved.
Proceed with the installation of the 8 packages? (Y/n) y

Ran blkid to ensure sane output as the patch affects libblkid. Checked uuidd could be started..

# systemctl start uuidd.service    
# systemctl status uuidd.service 
รข uuidd.service - Daemon for generating UUIDs
   Loaded: loaded (/usr/lib/systemd/system/uuidd.service; static)
   Active: active (running) since Thu 2016-07-14 16:59:50 BST; 1s ago

Tested a few commands from the list..
# urpmf util-linux | grep bin

Finally rebooted to check for anything odd. Nothing odd noticed.

Whiteboard: (none) => has_procedure mga5-64-ok

Dave Hodgins 2016-07-14 20:10:12 CEST

Keywords: (none) => validated_update
Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-64-ok advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2016-07-14 22:34:51 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0256.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2016-07-15 22:57:13 CEST

URL: (none) => http://lwn.net/Vulnerabilities/694627/