Mandriva

Package name util-linux Date October 15th, 2007 Advisory ID MDKSA-2007:198 Affected versions CS3.0, MNF2.0, 2007.0, CS4.0, 2007.1, 2008.0 Synopsis Updated util-linux packages fix vulnerability

Problem Description

The mount and umount programs in util-linux called the setuid() and
setgid() functions in the wrong order and did not check the return
values, which could allow attackers to grain privileges via helper
applications such as mount.nfs.

Updated packages have been patched to fix this issue.

Updated Packages

Corporate Server 3.0

 860c4c8418f1143264994b2c83e7d95f  corporate/3.0/i586/losetup-2.12-2.3.C30mdk.i586.rpm
 a32e5441007cfd710275deb76e8fbd3a  corporate/3.0/i586/mount-2.12-2.3.C30mdk.i586.rpm
 541e29f0531f46dfc786e8b7f7d1d7ac  corporate/3.0/i586/util-linux-2.12-2.3.C30mdk.i586.rpm 
 4a56621eef79c176b447b0c494a0d1e9  corporate/3.0/SRPMS/util-linux-2.12-2.3.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 e5128f44cf0a79b0a0dc3c23aaa3a690  corporate/3.0/x86_64/losetup-2.12-2.3.C30mdk.x86_64.rpm
 18c0bb4e45301d8df328026b19630724  corporate/3.0/x86_64/mount-2.12-2.3.C30mdk.x86_64.rpm
 4de1c1120f72dee868cf4561bca2c2ac  corporate/3.0/x86_64/util-linux-2.12-2.3.C30mdk.x86_64.rpm 
 4a56621eef79c176b447b0c494a0d1e9  corporate/3.0/SRPMS/util-linux-2.12-2.3.C30mdk.src.rpm

Multi Network Firewall 2.0

 6b6ff10041f39974ffaf2f0f2205ef1b  mnf/2.0/i586/losetup-2.12-2.3.M20mdk.i586.rpm
 232fb2749c37aebcd84a37579a77f651  mnf/2.0/i586/mount-2.12-2.3.M20mdk.i586.rpm
 79be57ad149e0ad500b717c08840a3e3  mnf/2.0/i586/util-linux-2.12-2.3.M20mdk.i586.rpm 
 52f76435ff50cacd708dfe1af359bce4  mnf/2.0/SRPMS/util-linux-2.12-2.3.M20mdk.src.rpm

Mandriva Linux 2007

 64440de5b0e17ede0ff6d5647ed2ff59  2007.0/i586/losetup-2.12r-8.3mdv2007.0.i586.rpm
 15992ebb5aad91809aa77fd95d18ca0d  2007.0/i586/mount-2.12r-8.3mdv2007.0.i586.rpm
 b60fa731a619023d9ee621193fb774f5  2007.0/i586/util-linux-2.12r-8.3mdv2007.0.i586.rpm 
 67d816f2242c4c3d20f98caaa49aeb67  2007.0/SRPMS/util-linux-2.12r-8.3mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 b3fc22fbec0cab2444bb266551ece54a  2007.0/x86_64/losetup-2.12r-8.3mdv2007.0.x86_64.rpm
 2d1a2b67e27f03f1478b6d403101360f  2007.0/x86_64/mount-2.12r-8.3mdv2007.0.x86_64.rpm
 b55391c2d42ae2be0ec64816b0a4709f  2007.0/x86_64/util-linux-2.12r-8.3mdv2007.0.x86_64.rpm 
 67d816f2242c4c3d20f98caaa49aeb67  2007.0/SRPMS/util-linux-2.12r-8.3mdv2007.0.src.rpm

Corporate Server 4.0

 611b8878518021dd4852eca879ec9249  corporate/4.0/i586/losetup-2.12q-7.3.20060mlcs4.i586.rpm
 ed5fb53165d477aed270025f6bdc1506  corporate/4.0/i586/mount-2.12q-7.3.20060mlcs4.i586.rpm
 0b6627c6dd614e379f50818b696e6245  corporate/4.0/i586/util-linux-2.12q-7.3.20060mlcs4.i586.rpm 
 b151e4a0ba69681a503a41a1345812e0  corporate/4.0/SRPMS/util-linux-2.12q-7.3.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 20319f51172a26bfc749e730426394f1  corporate/4.0/x86_64/losetup-2.12q-7.3.20060mlcs4.x86_64.rpm
 e5b0f3559fbdd0b8624d45113c77d96e  corporate/4.0/x86_64/mount-2.12q-7.3.20060mlcs4.x86_64.rpm
 253f7975ab30effa3b9e8611a38dee67  corporate/4.0/x86_64/util-linux-2.12q-7.3.20060mlcs4.x86_64.rpm 
 b151e4a0ba69681a503a41a1345812e0  corporate/4.0/SRPMS/util-linux-2.12q-7.3.20060mlcs4.src.rpm

Mandriva Linux 2007.1

 c3f01c2633e3154e8c70165187e1cfee  2007.1/i586/losetup-2.12r-12.2mdv2007.1.i586.rpm
 085d5d11a4b37c3f6726ee0332b9d0aa  2007.1/i586/mount-2.12r-12.2mdv2007.1.i586.rpm
 451974eed97067c69bf34c6e9a59fa7a  2007.1/i586/util-linux-2.12r-12.2mdv2007.1.i586.rpm 
 89c2fe31fd555a760fe14d0a8cfa3b6f  2007.1/SRPMS/util-linux-2.12r-12.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 ce09e5fc6f050ca135f524bd5f9b3fbe  2007.1/x86_64/losetup-2.12r-12.2mdv2007.1.x86_64.rpm
 71273a5d58a55f79c85dd7a7dda54476  2007.1/x86_64/mount-2.12r-12.2mdv2007.1.x86_64.rpm
 fd27c8e4b14da14c3a13e61580f8b74a  2007.1/x86_64/util-linux-2.12r-12.2mdv2007.1.x86_64.rpm 
 89c2fe31fd555a760fe14d0a8cfa3b6f  2007.1/SRPMS/util-linux-2.12r-12.2mdv2007.1.src.rpm

Mandriva Linux 2008.0

 65d5eb89c2588aab19f877d085fb5a53  2008.0/i586/util-linux-ng-2.13-3.1mdv2008.0.i586.rpm 
 0fa5be0c17f9d0c403a60c1504600dac  2008.0/SRPMS/util-linux-ng-2.13-3.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64

 e36da656cc73ec8e1eab5032ada23a49  2008.0/x86_64/util-linux-ng-2.13-3.1mdv2008.0.x86_64.rpm 
 0fa5be0c17f9d0c403a60c1504600dac  2008.0/SRPMS/util-linux-ng-2.13-3.1mdv2008.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5191

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.