Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:2954-1

Опубликовано: 30 нояб. 2016
Источник: suse-cvrf

Описание

Security update for util-linux

This update for util-linux fixes the following issues:

  • Consider redundant slashes when comparing paths (bsc#982331, util-linux-libmount-ignore-redundant-slashes.patch, affects backport of util-linux-libmount-cifs-is_mounted.patch).

  • Use upstream compatibility patches for --show-pt-geometry with obsolescence and deprecation warning (bsc#990531)

  • Replace cifs mount detection patch with upstream one that covers all cases (bsc#987176).

  • Reuse existing loop device to prevent possible data corruption when multiple -o loop are used to mount a single file (bsc#947494)

  • Safe loop re-use in libmount, mount and losetup (bsc#947494)

  • UPSTREAM DIVERGENCE!!! losetup -L continues to use SLE12 SP1 and SP2 specific meaning --logical-blocksize instead of upstream --nooverlap (bsc#966891).

  • Make release-dependent conflict with old sysvinit-tools SLE specific, as it is required only for SLE 11 upgrade, and breaks openSUSE staging builds (bsc#994399).

  • Extended partition loop in MBR partition table leads to DoS (bsc#988361, CVE-2016-5011)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2
libblkid1-2.28-42.1
libblkid1-32bit-2.28-42.1
libfdisk1-2.28-42.1
libmount1-2.28-42.1
libmount1-32bit-2.28-42.1
libsmartcols1-2.28-42.1
libuuid-devel-2.28-42.1
libuuid1-2.28-42.1
libuuid1-32bit-2.28-42.1
python-libmount-2.28-42.4
util-linux-2.28-42.1
util-linux-lang-2.28-42.1
util-linux-systemd-2.28-42.3
uuidd-2.28-42.3
SUSE Linux Enterprise Server 12 SP2
libblkid1-2.28-42.1
libblkid1-32bit-2.28-42.1
libfdisk1-2.28-42.1
libmount1-2.28-42.1
libmount1-32bit-2.28-42.1
libsmartcols1-2.28-42.1
libuuid1-2.28-42.1
libuuid1-32bit-2.28-42.1
python-libmount-2.28-42.4
util-linux-2.28-42.1
util-linux-lang-2.28-42.1
util-linux-systemd-2.28-42.3
uuidd-2.28-42.3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libblkid1-2.28-42.1
libfdisk1-2.28-42.1
libmount1-2.28-42.1
libsmartcols1-2.28-42.1
libuuid1-2.28-42.1
python-libmount-2.28-42.4
util-linux-2.28-42.1
util-linux-lang-2.28-42.1
util-linux-systemd-2.28-42.3
uuidd-2.28-42.3
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libblkid1-2.28-42.1
libblkid1-32bit-2.28-42.1
libfdisk1-2.28-42.1
libmount1-2.28-42.1
libmount1-32bit-2.28-42.1
libsmartcols1-2.28-42.1
libuuid1-2.28-42.1
libuuid1-32bit-2.28-42.1
python-libmount-2.28-42.4
util-linux-2.28-42.1
util-linux-lang-2.28-42.1
util-linux-systemd-2.28-42.3
uuidd-2.28-42.3
SUSE Linux Enterprise Software Development Kit 12 SP2
libblkid-devel-2.28-42.1
libmount-devel-2.28-42.1
libsmartcols-devel-2.28-42.1
libuuid-devel-2.28-42.1
SUSE Linux Enterprise Workstation Extension 12 SP2
libuuid-devel-2.28-42.1

Ссылки

Описание

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libblkid1-2.28-42.1
SUSE Linux Enterprise Desktop 12 SP2:libblkid1-32bit-2.28-42.1
SUSE Linux Enterprise Desktop 12 SP2:libfdisk1-2.28-42.1
SUSE Linux Enterprise Desktop 12 SP2:libmount1-2.28-42.1
Ссылки
Уязвимость SUSE-SU-2016:2954-1