exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2012-083

Mandriva Linux Security Advisory 2012-083
Posted May 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-083 - Multiple vulnerabilities have been discovered and corrected in util-linux. mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. The updated packages have been patched to correct this issue.

tags | advisory, local, vulnerability
systems | linux, mandriva
advisories | CVE-2011-1675, CVE-2011-1677
SHA-256 | 9f2d5ece52fc0a4e6ef741dd56347d53587505feec92ac9c027216e42692a92e

Mandriva Linux Security Advisory 2012-083

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:083
http://www.mandriva.com/security/
_______________________________________________________________________

Package : util-linux
Date : May 29, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in
util-linux:

mount in util-linux 2.19 and earlier attempts to append to the
/etc/mtab.tmp file without first checking whether resource limits
would interfere, which allows local users to trigger corruption of
the /etc/mtab file via a process with a small RLIMIT_FSIZE value,
a related issue to CVE-2011-1089 (CVE-2011-1675).

mount in util-linux 2.19 and earlier does not remove the /etc/mtab~
lock file after a failed attempt to add a mount entry, which has
unspecified impact and local attack vectors (CVE-2011-1677).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1677
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
eb33512cb8c77f92e3ae20caf9816e21 2010.1/i586/libblkid1-2.17.1-5.2mdv2010.2.i586.rpm
0d698e8c0285b41ac4f21da74055b53f 2010.1/i586/libblkid-devel-2.17.1-5.2mdv2010.2.i586.rpm
20625cbebd2937da67473e412ba85002 2010.1/i586/libuuid1-2.17.1-5.2mdv2010.2.i586.rpm
6447b8e0c59791f819d0167711e41c52 2010.1/i586/libuuid-devel-2.17.1-5.2mdv2010.2.i586.rpm
3b268915155a2ba0344a818ac55a16da 2010.1/i586/util-linux-ng-2.17.1-5.2mdv2010.2.i586.rpm
8cb97af8918c24b7c97fdba26d694654 2010.1/i586/uuidd-2.17.1-5.2mdv2010.2.i586.rpm
fa7cf3d671f48207748ddba3163d6e04 2010.1/SRPMS/util-linux-ng-2.17.1-5.2mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
5b7fbd17545d05402b7fd3093f478541 2010.1/x86_64/lib64blkid1-2.17.1-5.2mdv2010.2.x86_64.rpm
668e001d143871750eb066d12c5caaaa 2010.1/x86_64/lib64blkid-devel-2.17.1-5.2mdv2010.2.x86_64.rpm
54498dbf1f4b96e05c8c3f286f848498 2010.1/x86_64/lib64uuid1-2.17.1-5.2mdv2010.2.x86_64.rpm
bd7221119d3fb8093eb1184b68201dbe 2010.1/x86_64/lib64uuid-devel-2.17.1-5.2mdv2010.2.x86_64.rpm
713270191f5f0d960058618cf531b175 2010.1/x86_64/util-linux-ng-2.17.1-5.2mdv2010.2.x86_64.rpm
4090da6706b918116d8d5c9b33629ba9 2010.1/x86_64/uuidd-2.17.1-5.2mdv2010.2.x86_64.rpm
fa7cf3d671f48207748ddba3163d6e04 2010.1/SRPMS/util-linux-ng-2.17.1-5.2mdv2010.2.src.rpm

Mandriva Linux 2011:
f4296ecbf617d6cf79d238c82a239ca1 2011/i586/libblkid1-2.19-3.2-mdv2011.0.i586.rpm
f2589d8d181fadd8dd48b9e17e09753d 2011/i586/libblkid-devel-2.19-3.2-mdv2011.0.i586.rpm
0b70339706521110774e4fe69855b084 2011/i586/libmount1-2.19-3.2-mdv2011.0.i586.rpm
d0d6714a01f21bb5a63bdc796bb23842 2011/i586/libmount-devel-2.19-3.2-mdv2011.0.i586.rpm
1c039ab95c469325cf1a569e83c71ce7 2011/i586/libuuid1-2.19-3.2-mdv2011.0.i586.rpm
8c663e3959f2df874aac320573817cdb 2011/i586/libuuid-devel-2.19-3.2-mdv2011.0.i586.rpm
f8114ff872f7a96862d378393f95e941 2011/i586/util-linux-2.19-3.2-mdv2011.0.i586.rpm
0d526fe3160339f8257ac37fe446ba24 2011/i586/uuidd-2.19-3.2-mdv2011.0.i586.rpm
f769bd8d30ad0bbcb0fabd14a376cd35 2011/SRPMS/util-linux-2.19-3.2.src.rpm

Mandriva Linux 2011/X86_64:
d2e42bece7164b872cd9239730c77088 2011/x86_64/lib64blkid1-2.19-3.2-mdv2011.0.x86_64.rpm
7eec7897a5eab8ea7ed4246878833e02 2011/x86_64/lib64blkid-devel-2.19-3.2-mdv2011.0.x86_64.rpm
cfe9df69ce0232bcf01d1cfcf6d404b3 2011/x86_64/lib64mount1-2.19-3.2-mdv2011.0.x86_64.rpm
19890d2f4785a5a3a5dcfa14965e6ee1 2011/x86_64/lib64mount-devel-2.19-3.2-mdv2011.0.x86_64.rpm
b1ba68d40d06aabe0b210833f45018c2 2011/x86_64/lib64uuid1-2.19-3.2-mdv2011.0.x86_64.rpm
3b47499459a4063e15669b7845278f07 2011/x86_64/lib64uuid-devel-2.19-3.2-mdv2011.0.x86_64.rpm
9b818496386cbecdf91fb9f7ad053df5 2011/x86_64/util-linux-2.19-3.2-mdv2011.0.x86_64.rpm
87bd197faa88b2b78ab8a24508eb6b20 2011/x86_64/uuidd-2.19-3.2-mdv2011.0.x86_64.rpm
f769bd8d30ad0bbcb0fabd14a376cd35 2011/SRPMS/util-linux-2.19-3.2.src.rpm

Mandriva Enterprise Server 5:
5b2a978234b5084ba8afad897d07074e mes5/i586/util-linux-ng-2.14.1-4.3mdvmes5.2.i586.rpm
2613be1900a25de3f7816ec4b56c76df mes5/SRPMS/util-linux-ng-2.14.1-4.3mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
c8166d1bacf04f5069a97c75714869c2 mes5/x86_64/util-linux-ng-2.14.1-4.3mdvmes5.2.x86_64.rpm
2613be1900a25de3f7816ec4b56c76df mes5/SRPMS/util-linux-ng-2.14.1-4.3mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPxJvJmqjQ0CJFipgRAruMAKCyJ1H4ORN+SniMzHz0ppCmQXUQ5gCg3r9F
hzavW7FUgY5jLG/66aYVH6k=
=X0Oo
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close