LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 22nd, 2014
Linux Advisory Watch: September 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2012:083: util-linux Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Multiple vulnerabilities has been discovered and corrected in util-linux: mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:083
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : util-linux
 Date    : May 29, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in
 util-linux:
 
 mount in util-linux 2.19 and earlier attempts to append to the
 /etc/mtab.tmp file without first checking whether resource limits
 would interfere, which allows local users to trigger corruption of
 the /etc/mtab file via a process with a small RLIMIT_FSIZE value,
 a related issue to CVE-2011-1089 (CVE-2011-1675).
 
 mount in util-linux 2.19 and earlier does not remove the /etc/mtab~
 lock file after a failed attempt to add a mount entry, which has
 unspecified impact and local attack vectors (CVE-2011-1677).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1675
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1677
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 eb33512cb8c77f92e3ae20caf9816e21  2010.1/i586/libblkid1-2.17.1-5.2mdv2010.2.i586.rpm
 0d698e8c0285b41ac4f21da74055b53f  2010.1/i586/libblkid-devel-2.17.1-5.2mdv2010.2.i586.rpm
 20625cbebd2937da67473e412ba85002  2010.1/i586/libuuid1-2.17.1-5.2mdv2010.2.i586.rpm
 6447b8e0c59791f819d0167711e41c52  2010.1/i586/libuuid-devel-2.17.1-5.2mdv2010.2.i586.rpm
 3b268915155a2ba0344a818ac55a16da  2010.1/i586/util-linux-ng-2.17.1-5.2mdv2010.2.i586.rpm
 8cb97af8918c24b7c97fdba26d694654  2010.1/i586/uuidd-2.17.1-5.2mdv2010.2.i586.rpm 
 fa7cf3d671f48207748ddba3163d6e04  2010.1/SRPMS/util-linux-ng-2.17.1-5.2mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 5b7fbd17545d05402b7fd3093f478541  2010.1/x86_64/lib64blkid1-2.17.1-5.2mdv2010.2.x86_64.rpm
 668e001d143871750eb066d12c5caaaa  2010.1/x86_64/lib64blkid-devel-2.17.1-5.2mdv2010.2.x86_64.rpm
 54498dbf1f4b96e05c8c3f286f848498  2010.1/x86_64/lib64uuid1-2.17.1-5.2mdv2010.2.x86_64.rpm
 bd7221119d3fb8093eb1184b68201dbe  2010.1/x86_64/lib64uuid-devel-2.17.1-5.2mdv2010.2.x86_64.rpm
 713270191f5f0d960058618cf531b175  2010.1/x86_64/util-linux-ng-2.17.1-5.2mdv2010.2.x86_64.rpm
 4090da6706b918116d8d5c9b33629ba9  2010.1/x86_64/uuidd-2.17.1-5.2mdv2010.2.x86_64.rpm 
 fa7cf3d671f48207748ddba3163d6e04  2010.1/SRPMS/util-linux-ng-2.17.1-5.2mdv2010.2.src.rpm

 Mandriva Linux 2011:
 f4296ecbf617d6cf79d238c82a239ca1  2011/i586/libblkid1-2.19-3.2-mdv2011.0.i586.rpm
 f2589d8d181fadd8dd48b9e17e09753d  2011/i586/libblkid-devel-2.19-3.2-mdv2011.0.i586.rpm
 0b70339706521110774e4fe69855b084  2011/i586/libmount1-2.19-3.2-mdv2011.0.i586.rpm
 d0d6714a01f21bb5a63bdc796bb23842  2011/i586/libmount-devel-2.19-3.2-mdv2011.0.i586.rpm
 1c039ab95c469325cf1a569e83c71ce7  2011/i586/libuuid1-2.19-3.2-mdv2011.0.i586.rpm
 8c663e3959f2df874aac320573817cdb  2011/i586/libuuid-devel-2.19-3.2-mdv2011.0.i586.rpm
 f8114ff872f7a96862d378393f95e941  2011/i586/util-linux-2.19-3.2-mdv2011.0.i586.rpm
 0d526fe3160339f8257ac37fe446ba24  2011/i586/uuidd-2.19-3.2-mdv2011.0.i586.rpm 
 f769bd8d30ad0bbcb0fabd14a376cd35  2011/SRPMS/util-linux-2.19-3.2.src.rpm

 Mandriva Linux 2011/X86_64:
 d2e42bece7164b872cd9239730c77088  2011/x86_64/lib64blkid1-2.19-3.2-mdv2011.0.x86_64.rpm
 7eec7897a5eab8ea7ed4246878833e02  2011/x86_64/lib64blkid-devel-2.19-3.2-mdv2011.0.x86_64.rpm
 cfe9df69ce0232bcf01d1cfcf6d404b3  2011/x86_64/lib64mount1-2.19-3.2-mdv2011.0.x86_64.rpm
 19890d2f4785a5a3a5dcfa14965e6ee1  2011/x86_64/lib64mount-devel-2.19-3.2-mdv2011.0.x86_64.rpm
 b1ba68d40d06aabe0b210833f45018c2  2011/x86_64/lib64uuid1-2.19-3.2-mdv2011.0.x86_64.rpm
 3b47499459a4063e15669b7845278f07  2011/x86_64/lib64uuid-devel-2.19-3.2-mdv2011.0.x86_64.rpm
 9b818496386cbecdf91fb9f7ad053df5  2011/x86_64/util-linux-2.19-3.2-mdv2011.0.x86_64.rpm
 87bd197faa88b2b78ab8a24508eb6b20  2011/x86_64/uuidd-2.19-3.2-mdv2011.0.x86_64.rpm 
 f769bd8d30ad0bbcb0fabd14a376cd35  2011/SRPMS/util-linux-2.19-3.2.src.rpm

 Mandriva Enterprise Server 5:
 5b2a978234b5084ba8afad897d07074e  mes5/i586/util-linux-ng-2.14.1-4.3mdvmes5.2.i586.rpm 
 2613be1900a25de3f7816ec4b56c76df  mes5/SRPMS/util-linux-ng-2.14.1-4.3mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 c8166d1bacf04f5069a97c75714869c2  mes5/x86_64/util-linux-ng-2.14.1-4.3mdvmes5.2.x86_64.rpm 
 2613be1900a25de3f7816ec4b56c76df  mes5/SRPMS/util-linux-ng-2.14.1-4.3mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google to turn on encryption by default in next Android version
TOR users become FBI's No.1 hacking target after legal power grab
OWASP Releases Latest App Sec Guide
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.