Advisories

Mandriva Advisories

Package name	util-linux
Date	September 20th, 2005
Advisory ID	MDKSA-2005:167
Affected versions	10.0, 10.1, CS2.1, CS3.0, MNF2.0, 10.2
Synopsis	Updated util-linux packages fix umount vulnerability

Problem Description

David Watson disovered that the umount utility, when using the "-r"
cpmmand, could remove some restrictive mount options such as "nosuid".
IF /etc/fstab contained user-mountable removable devices that specified
nosuid, a local attacker could exploit this flaw to execute arbitrary
programs with root privileges by calling "umount -r" on a removable
device.

The updated packages have been patched to ensure that "-r" can only
be called by the root user.

Updated Packages

Mandrakelinux 10.0

 e28c42b0a18bf906ea339ffeb02d3320  10.0/RPMS/losetup-2.12-2.1.100mdk.i586.rpm
6dd9d97f688ab7b872dba55b9c427935  10.0/RPMS/mount-2.12-2.1.100mdk.i586.rpm
b23bbbec6f75fbe1f2137f1335f782f9  10.0/RPMS/util-linux-2.12-2.1.100mdk.i586.rpm
0c84336fe4e647fe4b35686e6e938a8f  10.0/SRPMS/util-linux-2.12-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

 1c972124af9eba5acc9691931e5629c8  amd64/10.0/RPMS/losetup-2.12-2.1.100mdk.amd64.rpm
2a0367d603f4c8e893e7f0ec158132e5  amd64/10.0/RPMS/mount-2.12-2.1.100mdk.amd64.rpm
4fe57def6145640a886feb35deb77a6d  amd64/10.0/RPMS/util-linux-2.12-2.1.100mdk.amd64.rpm
0c84336fe4e647fe4b35686e6e938a8f  amd64/10.0/SRPMS/util-linux-2.12-2.1.100mdk.src.rpm

Mandrakelinux 10.1

 658b5ee36c137e2533397ac71aa86e0e  10.1/RPMS/losetup-2.12a-5.1.101mdk.i586.rpm
b15ae4dbd367fcd46e38d418bb3d1a86  10.1/RPMS/mount-2.12a-5.1.101mdk.i586.rpm
701b35a4588f4ce5879b651724f72a1d  10.1/RPMS/util-linux-2.12a-5.1.101mdk.i586.rpm
f1bbf1462e0f0987ce110388bd2e8d48  10.1/SRPMS/util-linux-2.12a-5.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 fbd4672670283fd495a652d0338467d4  x86_64/10.1/RPMS/losetup-2.12a-5.1.101mdk.x86_64.rpm
b1773a98c38538db35e2c4fd8aa5e100  x86_64/10.1/RPMS/mount-2.12a-5.1.101mdk.x86_64.rpm
8a4e15cdaaa7efe10c7830a9cda27523  x86_64/10.1/RPMS/util-linux-2.12a-5.1.101mdk.x86_64.rpm
f1bbf1462e0f0987ce110388bd2e8d48  x86_64/10.1/SRPMS/util-linux-2.12a-5.1.101mdk.src.rpm

Corporate Server 2.1

 d560b7038ca8ae848b24414858fac1ef  corporate/2.1/RPMS/losetup-2.11u-5.1.C21mdk.i586.rpm
81bf701d8b8129c0809c37205d4fbad0  corporate/2.1/RPMS/mount-2.11u-5.1.C21mdk.i586.rpm
321463758b000a1e7348111f7bea2959  corporate/2.1/RPMS/util-linux-2.11u-5.1.C21mdk.i586.rpm
b1d2f438863cd5c807548ec4209b0179  corporate/2.1/SRPMS/util-linux-2.11u-5.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64

 141b7b38947d1fd2ef4088ba20e093f1  x86_64/corporate/2.1/RPMS/losetup-2.11u-5.1.C21mdk.x86_64.rpm
ddb3ee3ebe56b399ff881806f9cd8832  x86_64/corporate/2.1/RPMS/mount-2.11u-5.1.C21mdk.x86_64.rpm
a61050516b99231bca46507fa94aa5e8  x86_64/corporate/2.1/RPMS/util-linux-2.11u-5.1.C21mdk.x86_64.rpm
b1d2f438863cd5c807548ec4209b0179  x86_64/corporate/2.1/SRPMS/util-linux-2.11u-5.1.C21mdk.src.rpm

Corporate Server 3.0

 bbcce593f1b51833383997590a13b834  corporate/3.0/RPMS/losetup-2.12-2.1.C30mdk.i586.rpm
bb38ae724541d9c73ac64d382d4839e8  corporate/3.0/RPMS/mount-2.12-2.1.C30mdk.i586.rpm
55420d5f1fa9c7cc7f6e42f61c0428fc  corporate/3.0/RPMS/util-linux-2.12-2.1.C30mdk.i586.rpm
28f6b881c65662695c84ac100ea9d012  corporate/3.0/SRPMS/util-linux-2.12-2.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 3d96c512a6eaf548bef73c7fc3db5012  x86_64/corporate/3.0/RPMS/losetup-2.12-2.1.C30mdk.x86_64.rpm
21d37d4ebb7943cf412a3bb423808fc5  x86_64/corporate/3.0/RPMS/mount-2.12-2.1.C30mdk.x86_64.rpm
75fa21eea372a790a6f1c3a8a120cb7e  x86_64/corporate/3.0/RPMS/util-linux-2.12-2.1.C30mdk.x86_64.rpm
28f6b881c65662695c84ac100ea9d012  x86_64/corporate/3.0/SRPMS/util-linux-2.12-2.1.C30mdk.src.rpm

Multi Network Firewall 2.0

 765b0e93637cce9d5b623a81bdc81e6e  mnf/2.0/RPMS/losetup-2.12-2.1.M20mdk.i586.rpm
782d8a37c484ab76ae766dddcce2173e  mnf/2.0/RPMS/mount-2.12-2.1.M20mdk.i586.rpm
d6f35d4ccdb1cb9dcd21218ca5d6da72  mnf/2.0/RPMS/util-linux-2.12-2.1.M20mdk.i586.rpm
360a0c2f0e8d383b09a7eb44d1e654a2  mnf/2.0/SRPMS/util-linux-2.12-2.1.M20mdk.src.rpm

Mandriva Linux LE2005

 8314ea4ec99e8e603fb2da6941aae1d9  10.2/RPMS/losetup-2.12a-12.1.102mdk.i586.rpm
2a8a83e0e36295db943fc51a4aee863f  10.2/RPMS/mount-2.12a-12.1.102mdk.i586.rpm
01a4abab8ec329a29cf2310d8ee006d9  10.2/RPMS/util-linux-2.12a-12.1.102mdk.i586.rpm
2bedcdeed443ed6438f290dff54038b5  10.2/SRPMS/util-linux-2.12a-12.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 73e23481f84309a90b99394468885e20  x86_64/10.2/RPMS/losetup-2.12a-12.1.102mdk.x86_64.rpm
8dc01cc71d8b32fbba41d1936c861534  x86_64/10.2/RPMS/mount-2.12a-12.1.102mdk.x86_64.rpm
441ce68e9e3b07c807bb5486adde1903  x86_64/10.2/RPMS/util-linux-2.12a-12.1.102mdk.x86_64.rpm
2bedcdeed443ed6438f290dff54038b5  x86_64/10.2/SRPMS/util-linux-2.12a-12.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2876

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer