Описание
Security update for util-linux
This update for util-linux fixes a number of bugs and two security issues.
The following security bugs were fixed:
- CVE-2016-5011: Infinite loop DoS in libblkid while parsing DOS partition (bsc#988361)
- CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041).
The following non-security bugs were fixed:
- bsc#1008965: Ensure that the option 'users,exec,dev,suid' work as expected on NFS mounts
- bsc#1012504: Fix regressions in safe loop re-use patch set for libmount
- bsc#1012632: Disable ro checks for mtab
- bsc#1020077: fstrim: De-duplicate btrfs sub-volumes for 'fstrim -a' and bind mounts
- bsc#947494: mount -a would fail to recognize btrfs already mounted, address loop re-use in libmount
- bsc#966891: Conflict in meaning of losetup -L. This switch in SLE12 SP1 and SP2 continues to carry the meaning of --logical-blocksize instead of upstream --nooverlap
- bsc#978993: cfdisk would mangle some text output
- bsc#982331: libmount: ignore redundant slashes
- bsc#983164: mount uid= and gid= would reject valid non UID/GID values
- bsc#987176: When mounting a subfolder of a CIFS share, mount -a would show the mount as busy
- bsc#1019332: lscpu: Implement WSL detection and work around crash
Список пакетов
SUSE Linux Enterprise Server 12-LTSS
libblkid1-2.25-24.10.1
libblkid1-32bit-2.25-24.10.1
libmount1-2.25-24.10.1
libmount1-32bit-2.25-24.10.1
libsmartcols1-2.25-24.10.1
libuuid1-2.25-24.10.1
libuuid1-32bit-2.25-24.10.1
python-libmount-2.25-24.10.3
util-linux-2.25-24.10.1
util-linux-lang-2.25-24.10.1
util-linux-systemd-2.25-24.10.1
uuidd-2.25-24.10.1
SUSE Linux Enterprise Server for SAP Applications 12
libblkid1-2.25-24.10.1
libblkid1-32bit-2.25-24.10.1
libmount1-2.25-24.10.1
libmount1-32bit-2.25-24.10.1
libsmartcols1-2.25-24.10.1
libuuid1-2.25-24.10.1
libuuid1-32bit-2.25-24.10.1
python-libmount-2.25-24.10.3
util-linux-2.25-24.10.1
util-linux-lang-2.25-24.10.1
util-linux-systemd-2.25-24.10.1
uuidd-2.25-24.10.1
Ссылки
- Link for SUSE-SU-2017:0553-1
- E-Mail link for SUSE-SU-2017:0553-1
- SUSE Security Ratings
- SUSE Bug 1008965
- SUSE Bug 1012504
- SUSE Bug 1012632
- SUSE Bug 1019332
- SUSE Bug 1020077
- SUSE Bug 1023041
- SUSE Bug 947494
- SUSE Bug 966891
- SUSE Bug 978993
- SUSE Bug 982331
- SUSE Bug 983164
- SUSE Bug 987176
- SUSE Bug 988361
- SUSE CVE CVE-2016-5011 page
- SUSE CVE CVE-2017-2616 page
Описание
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libblkid1-2.25-24.10.1
SUSE Linux Enterprise Server 12-LTSS:libblkid1-32bit-2.25-24.10.1
SUSE Linux Enterprise Server 12-LTSS:libmount1-2.25-24.10.1
SUSE Linux Enterprise Server 12-LTSS:libmount1-32bit-2.25-24.10.1
Ссылки
- CVE-2016-5011
- SUSE Bug 988361
Описание
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libblkid1-2.25-24.10.1
SUSE Linux Enterprise Server 12-LTSS:libblkid1-32bit-2.25-24.10.1
SUSE Linux Enterprise Server 12-LTSS:libmount1-2.25-24.10.1
SUSE Linux Enterprise Server 12-LTSS:libmount1-32bit-2.25-24.10.1
Ссылки
- CVE-2017-2616
- SUSE Bug 1023041
- SUSE Bug 1123789