openSUSE-SU-2016:3102-1

Опубликовано: 12 дек. 2016

Источник: suse-cvrf

Описание

Security update for util-linux

This update for util-linux fixes the following issues:

Consider redundant slashes when comparing paths (bsc#982331, util-linux-libmount-ignore-redundant-slashes.patch, affects backport of util-linux-libmount-cifs-is_mounted.patch).
Use upstream compatibility patches for --show-pt-geometry with obsolescence and deprecation warning (bsc#990531)
Replace cifs mount detection patch with upstream one that covers all cases (bsc#987176).
Reuse existing loop device to prevent possible data corruption when multiple -o loop are used to mount a single file (bsc#947494)
Safe loop re-use in libmount, mount and losetup (bsc#947494)
UPSTREAM DIVERGENCE!!! losetup -L continues to use SLE12 SP1 and SP2 specific meaning --logical-blocksize instead of upstream --nooverlap (bsc#966891).
Make release-dependent conflict with old sysvinit-tools SLE specific, as it is required only for SLE 11 upgrade, and breaks openSUSE staging builds (bsc#994399).
Extended partition loop in MBR partition table leads to DoS (bsc#988361, CVE-2016-5011)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2

libblkid-devel-2.28-7.1

libblkid-devel-32bit-2.28-7.1

libblkid-devel-static-2.28-7.1

libblkid1-2.28-7.1

libblkid1-32bit-2.28-7.1

libfdisk-devel-2.28-7.1

libfdisk-devel-static-2.28-7.1

libfdisk1-2.28-7.1

libmount-devel-2.28-7.1

libmount-devel-32bit-2.28-7.1

libmount-devel-static-2.28-7.1

libmount1-2.28-7.1

libmount1-32bit-2.28-7.1

libsmartcols-devel-2.28-7.1

libsmartcols-devel-static-2.28-7.1

libsmartcols1-2.28-7.1

libuuid-devel-2.28-7.1

libuuid-devel-32bit-2.28-7.1

libuuid-devel-static-2.28-7.1

libuuid1-2.28-7.1

libuuid1-32bit-2.28-7.1

python-libmount-2.28-7.2

util-linux-2.28-7.1

util-linux-lang-2.28-7.1

util-linux-systemd-2.28-7.1

uuidd-2.28-7.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-12/msg00078.html
E-Mail link for openSUSE-SU-2016:3102-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

Затронутые продукты

openSUSE Leap 42.2:libblkid-devel-2.28-7.1

openSUSE Leap 42.2:libblkid-devel-32bit-2.28-7.1

openSUSE Leap 42.2:libblkid-devel-static-2.28-7.1

openSUSE Leap 42.2:libblkid1-2.28-7.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-5011.html
CVE-2016-5011
https://bugzilla.suse.com/988361
SUSE Bug 988361

openSUSE-SU-2016:3102-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-5011

Описание

Затронутые продукты

Ссылки