RedHat has issued this advisory on February 21: https://rhn.redhat.com/errata/RHSA-2012-0307.html Cauldron is not vulnerable.
CC: (none) => tmb
CC: (none) => dmorganec
CC: (none) => thierry.vignaud
Here's another RedHat advisory for these CVEs from December 6: https://rhn.redhat.com/errata/RHSA-2011-1691.html
Patched package uploaded. Advisory: ======================== Updated util-linux-ng packages fix security vulnerabilities: Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems (CVE-2011-1675, CVE-2011-1677). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1677 https://rhn.redhat.com/errata/RHSA-2011-1691.html ======================== Updated packages in core/updates_testing: ======================== util-linux-ng-2.18-4.1.mga1 libblkid1-2.18-4.1.mga1 libblkid-devel-2.18-4.1.mga1 libuuid1-2.18-4.1.mga1 libuuid-devel-2.18-4.1.mga1 uuidd-2.18-4.1.mga1 libmount1-2.18-4.1.mga1 libmount-devel-2.18-4.1.mga1 from util-linux-ng-2.18-4.1.mga1.src.rpm
Assignee: bugsquad => qa-bugs
Installed on x86_64 No change was observed. Is there any stuff to check with this package before push it in update?
CC: (none) => olivier.delaune
If mount and umount work, and both update /etc/mtab properly, then this is good to go. It needs to be tested on i586 as well before pushing to updates.
Ok, I mounted and unmounted usb key without any trouble. /etc/mtab was correctly updated.
Testing complete on i586. Login, mount/umount all working properly. Although on cauldron rather then Mageia 1, the same update seems to have fixed bug 5337. Could someone from the sysadmin team push the srpm util-linux-ng-2.18-4.1.mga1.src.rpm from Core Updates Testing to Core Updates. Advisory: Updated util-linux-ng packages fix security vulnerabilities: Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems (CVE-2011-1675, CVE-2011-1677). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1677 https://rhn.redhat.com/errata/RHSA-2011-1691.html https://bugs.mageia.org/show_bug.cgi?id=5258
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
Update pushed
Status: NEW => RESOLVEDResolution: (none) => FIXED