| Summary: | util-linux security issues CVE-2011-1675 and CVE-2011-1677 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, dmorganec, olivier.delaune, sysadmin-bugs, thierry.vignaud, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | util-linux-ng-2.18-4.mga1.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2012-04-06 18:19:23 CEST
David Walser
2012-04-07 05:17:00 CEST
CC:
(none) =>
tmb
David Walser
2012-04-07 05:17:09 CEST
CC:
(none) =>
dmorganec
David Walser
2012-04-07 05:17:30 CEST
CC:
(none) =>
thierry.vignaud Here's another RedHat advisory for these CVEs from December 6: https://rhn.redhat.com/errata/RHSA-2011-1691.html Patched package uploaded. Advisory: ======================== Updated util-linux-ng packages fix security vulnerabilities: Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems (CVE-2011-1675, CVE-2011-1677). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1677 https://rhn.redhat.com/errata/RHSA-2011-1691.html ======================== Updated packages in core/updates_testing: ======================== util-linux-ng-2.18-4.1.mga1 libblkid1-2.18-4.1.mga1 libblkid-devel-2.18-4.1.mga1 libuuid1-2.18-4.1.mga1 libuuid-devel-2.18-4.1.mga1 uuidd-2.18-4.1.mga1 libmount1-2.18-4.1.mga1 libmount-devel-2.18-4.1.mga1 from util-linux-ng-2.18-4.1.mga1.src.rpm Assignee:
bugsquad =>
qa-bugs Installed on x86_64 No change was observed. Is there any stuff to check with this package before push it in update? CC:
(none) =>
olivier.delaune If mount and umount work, and both update /etc/mtab properly, then this is good to go. It needs to be tested on i586 as well before pushing to updates. Ok, I mounted and unmounted usb key without any trouble. /etc/mtab was correctly updated. Testing complete on i586. Login, mount/umount all working properly. Although on cauldron rather then Mageia 1, the same update seems to have fixed bug 5337. Could someone from the sysadmin team push the srpm util-linux-ng-2.18-4.1.mga1.src.rpm from Core Updates Testing to Core Updates. Advisory: Updated util-linux-ng packages fix security vulnerabilities: Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems (CVE-2011-1675, CVE-2011-1677). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1677 https://rhn.redhat.com/errata/RHSA-2011-1691.html https://bugs.mageia.org/show_bug.cgi?id=5258 Keywords:
(none) =>
validated_update Update pushed Status:
NEW =>
RESOLVED |