Fedora has issued an advisory on December 1: https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html Patched package uploaded for Cauldron. Updated (to 2.24.2) and patched package uploaded for Mageia 4. There's more info on the RedHat bug and oss-security thread linked from there: https://bugzilla.redhat.com/show_bug.cgi?id=1168485 Advisory: ======================== Updated util-linux packages fix security vulnerability: Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges (CVE-2014-9114). The util-linux package has been updated to version 2.24.2 and patched to fix this issue and other bugs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114 ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.24/v2.24.1-ReleaseNotes ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.24/v2.24.2-ReleaseNotes https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html ======================== Updated packages in core/updates_testing: ======================== util-linux-2.24.2-1.mga4 libblkid1-2.24.2-1.mga4 libblkid-devel-2.24.2-1.mga4 libuuid1-2.24.2-1.mga4 libuuid-devel-2.24.2-1.mga4 uuidd-2.24.2-1.mga4 libmount1-2.24.2-1.mga4 libmount-devel-2.24.2-1.mga4 from util-linux-2.24.2-1.mga4.src.rpm Reproducible: Steps to Reproduce:
URL: (none) => http://lwn.net/Vulnerabilities/624610/
Testing MGA4-64 ob HP Probook 6555b Installed all packages mentioned above, no problems encountered. Checked Fedora advisory, this mentions fdisk and login. Rebooted the system, login is OK. As root at CLI: fdisk -v returns fdisk from util-linux 2.24.2 and fdisk -l returns the correct list of partitions on /dev/sda
CC: (none) => herman.viaeneWhiteboard: (none) => MGA4-64-OK
Also check if bootup times have changed (to help check if it's glibc that adds to bootup time as reported in https://bugs.mageia.org/show_bug.cgi?id=14688)
CC: (none) => tmb
if it's glibc *or* util-linux
It did not exactly time bootup, but nothing particular has been drawing my attention. Certainly not in the range as David reported.
Testing on Mageia4-64 in VM Testing packages : - util-linux-2.24.2-1.mga4.x86_64 - glibc-2.18-9.6.mga4.x86_64 - lib64blkid1-2.24.2-1.mga4.x86_64 - lib64mount1-2.24.2-1.mga4.x86_64 - lib64uuid1-2.24.2-1.mga4.x86_64 - uuidd-2.24.2-1.mga4.x86_64 Didn't notice anything untoward, no change in boot time either.
CC: (none) => olchal
Testing complete mga4 32 No issues at reboot or fdisk, blkid or mounting smb shares or local partitions.
Whiteboard: MGA4-64-OK => MGA4-64-OK mga4-32-ok has_procedure
Validating. I'll upload the advisory shortly Please push to updates Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: MGA4-64-OK mga4-32-ok has_procedure => advisory MGA4-64-OK mga4-32-ok has_procedure
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0517.html
Status: NEW => RESOLVEDResolution: (none) => FIXED