openSUSE-SU-2017:0589-1

Опубликовано: 02 мар. 2017

Источник: suse-cvrf

Описание

Security update for util-linux

This update for util-linux fixes the following issues:

This security issue was fixed:

CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041).

This non-security issues were fixed:

lscpu: Implement WSL detection and work around crash (bsc#1019332)
fstrim: De-duplicate btrfs sub-volumes for 'fstrim -a' and bind mounts (bsc#1020077)
Fix regressions in safe loop re-use patch set for libmount (bsc#1012504)
Disable ro checks for mtab (bsc#1012632)
Ensure that the option 'users,exec,dev,suid' work as expected on NFS mounts (bsc#1008965)
Fix empty slave detection to prevent 100% CPU load in some cases (bsc#1020985)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2

libblkid-devel-2.28-10.1

libblkid-devel-32bit-2.28-10.1

libblkid-devel-static-2.28-10.1

libblkid1-2.28-10.1

libblkid1-32bit-2.28-10.1

libfdisk-devel-2.28-10.1

libfdisk-devel-static-2.28-10.1

libfdisk1-2.28-10.1

libmount-devel-2.28-10.1

libmount-devel-32bit-2.28-10.1

libmount-devel-static-2.28-10.1

libmount1-2.28-10.1

libmount1-32bit-2.28-10.1

libsmartcols-devel-2.28-10.1

libsmartcols-devel-static-2.28-10.1

libsmartcols1-2.28-10.1

libuuid-devel-2.28-10.1

libuuid-devel-32bit-2.28-10.1

libuuid-devel-static-2.28-10.1

libuuid1-2.28-10.1

libuuid1-32bit-2.28-10.1

python-libmount-2.28-10.2

util-linux-2.28-10.1

util-linux-lang-2.28-10.1

util-linux-systemd-2.28-10.1

uuidd-2.28-10.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00001.html
E-Mail link for openSUSE-SU-2017:0589-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

Затронутые продукты

openSUSE Leap 42.2:libblkid-devel-2.28-10.1

openSUSE Leap 42.2:libblkid-devel-32bit-2.28-10.1

openSUSE Leap 42.2:libblkid-devel-static-2.28-10.1

openSUSE Leap 42.2:libblkid1-2.28-10.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-2616.html
CVE-2017-2616
https://bugzilla.suse.com/1023041
SUSE Bug 1023041
https://bugzilla.suse.com/1123789
SUSE Bug 1123789

openSUSE-SU-2017:0589-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-2616

Описание

Затронутые продукты

Ссылки