USN-533-1: util-linux vulnerability
Posted on: 10/22/2007 11:40 PM

A new util-linux vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-533-1 October 22, 2007
util-linux vulnerability
CVE-2007-5191
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
mount 2.12r-4ubuntu6.1

Ubuntu 6.10:
mount 2.12r-11ubuntu2.1

Ubuntu 7.04:
mount 2.12r-17ubuntu2.1

In general, a standard system upgrade is sufficient to affect the
necessary changes.

Details follow:

Ludwig Nussel discovered that mount and umount did not properly
drop privileges when using helper programs. Local attackers may be
able to bypass security restrictions and gain root privileges using
programs such as mount.nfs or mount.cifs.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-4ubuntu6.1.diff.gz
Size/MD5: 101504 5063e0943259af8d75fa4199eb5c340a
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-4ubuntu6.1.dsc
Size/MD5: 732 65ba84c3ab964502ec5ae80c009a6497
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r.orig.tar.gz
Size/MD5: 1992725 c261230b27fc0fbcc287c76884caf2d3

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux-loc=
ales_2.12r-4ubuntu6.1_all.deb
Size/MD5: 43392 0c7b4c1b3d48b45d9e729f42dee9296f

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12r=
-4ubuntu6.1_amd64.deb
Size/MD5: 69326 2b8321e57e1c8e4ef9b8902a3cdc4683
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.1=
2r-4ubuntu6.1_amd64.udeb
Size/MD5: 66824 c370b8bf588c3b8b9dd29a19822b1232
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12r-4u=
buntu6.1_amd64.deb
Size/MD5: 160850 6e14e437fa62909f08e445c73ccf67c2
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-4ubuntu6.1_amd64.deb
Size/MD5: 394464 a9a5caccaf19f29955e2a3602c128676
http://security.ubuntu.com/ubuntu/pool/universe/u/util-linux/cfdisk-ude=
b_2.12r-4ubuntu6.1_amd64.udeb
Size/MD5: 485590 549f70cc234036f52a0153f536f036f3

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12r=
-4ubuntu6.1_i386.deb
Size/MD5: 67848 2d4613205909766056d456be542ab753
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.1=
2r-4ubuntu6.1_i386.udeb
Size/MD5: 58944 4d3384362813f66f909a436401d2274c
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12r-4u=
buntu6.1_i386.deb
Size/MD5: 153166 fadc3cae13850c2938ce59e5d925564d
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-4ubuntu6.1_i386.deb
Size/MD5: 370816 86b1ec915741e5a6b8a3493648447967
http://security.ubuntu.com/ubuntu/pool/universe/u/util-linux/cfdisk-ude=
b_2.12r-4ubuntu6.1_i386.udeb
Size/MD5: 483450 b8a431278080ee63975f69cbaa3990b9

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12r=
-4ubuntu6.1_powerpc.deb
Size/MD5: 68240 935696198ecedebdd4bbd5080ad4c7da
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.1=
2r-4ubuntu6.1_powerpc.udeb
Size/MD5: 64558 f0b62ce814f5ef7f2c561fd902220483
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12r-4u=
buntu6.1_powerpc.deb
Size/MD5: 158188 7d4ec5fabe980107954e88758944710a
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-4ubuntu6.1_powerpc.deb
Size/MD5: 390816 6daaf30b714059ab080120f7e767b2f1
http://security.ubuntu.com/ubuntu/pool/universe/u/util-linux/cfdisk-ude=
b_2.12r-4ubuntu6.1_powerpc.udeb
Size/MD5: 488388 c1b9f667e952536d7373ffecf88242d4

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12r=
-4ubuntu6.1_sparc.deb
Size/MD5: 67874 e2a4bf0146d1365d95f7b44ca6a6ab5c
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.1=
2r-4ubuntu6.1_sparc.udeb
Size/MD5: 37400 5dcb2dfa0381c3717f434f98917d42ba
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12r-4u=
buntu6.1_sparc.deb
Size/MD5: 155194 91c64fb21f93f62edd7d3228063e54be
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-4ubuntu6.1_sparc.deb
Size/MD5: 271282 0275204889f9f8f5827fda97c9642365

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-11ubuntu2.1.diff.gz
Size/MD5: 199900 6dc802e38afd0e957470a259252fed30
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-11ubuntu2.1.dsc
Size/MD5: 780 8a66d11c0b055b4cb1c806265ae4bd7c
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r.orig.tar.gz
Size/MD5: 1992725 c261230b27fc0fbcc287c76884caf2d3

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux-loc=
ales_2.12r-11ubuntu2.1_all.deb
Size/MD5: 44172 47381569ef3faf53deaebfe823515225

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12r=
-11ubuntu2.1_amd64.deb
Size/MD5: 70060 11d05b951692ad0ec4dfcb07798fb7d9
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.1=
2r-11ubuntu2.1_amd64.udeb
Size/MD5: 64874 fdc0131f5d45909ccee4db6c8529fcff
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12r-11=
ubuntu2.1_amd64.deb
Size/MD5: 192840 4eee14a85679e58bb3d3b70c784aa0c7
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-11ubuntu2.1_amd64.deb
Size/MD5: 392982 c684402d47c0241082b8e10d53d7be1d
http://security.ubuntu.com/ubuntu/pool/universe/u/util-linux/cfdisk-ude=
b_2.12r-11ubuntu2.1_amd64.udeb
Size/MD5: 485138 e2e27a06ce3e23ec0a0a60adccef1d3f

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12r=
-11ubuntu2.1_i386.deb
Size/MD5: 68702 2b0c3156e1e16d6a7c85b47cc78568a9
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.1=
2r-11ubuntu2.1_i386.udeb
Size/MD5: 58272 5a0219fa52ba18e8c5643b4b9b306d34
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12r-11=
ubuntu2.1_i386.deb
Size/MD5: 184006 6f0cb2c4a653abb923c759af5d772ce6
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-11ubuntu2.1_i386.deb
Size/MD5: 375022 40ccbe89337f5d50180627fed498d0dc
http://security.ubuntu.com/ubuntu/pool/universe/u/util-linux/cfdisk-ude=
b_2.12r-11ubuntu2.1_i386.udeb
Size/MD5: 483648 efbe3d82bff46ba822d0fd98ce8a00e5

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12r=
-11ubuntu2.1_powerpc.deb
Size/MD5: 69312 8923eab5bccce5f21450d5db5b3d9823
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.1=
2r-11ubuntu2.1_powerpc.udeb
Size/MD5: 64518 0fc8f544fc3a3d0048a392928060e738
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12r-11=
ubuntu2.1_powerpc.deb
Size/MD5: 186332 0452808b8c81777e9b0ce0e7f4fd5339
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-11ubuntu2.1_powerpc.deb
Size/MD5: 396242 661ad07d73e8e4d8c598332e3f8d6cff
http://security.ubuntu.com/ubuntu/pool/universe/u/util-linux/cfdisk-ude=
b_2.12r-11ubuntu2.1_powerpc.udeb
Size/MD5: 488244 35b07c63b6e17be0904b43e6e40ac9c3

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12r=
-11ubuntu2.1_sparc.deb
Size/MD5: 68920 843532049701dd1dcb8fd577c40946af
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.1=
2r-11ubuntu2.1_sparc.udeb
Size/MD5: 37760 48451d10fceab09e6de661ef05f1b14a
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12r-11=
ubuntu2.1_sparc.deb
Size/MD5: 188254 e4157312fcf1047f3884d7b9bb3e8c45
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-11ubuntu2.1_sparc.deb
Size/MD5: 276076 6c9194834c90105b17c3da08f16b38cf

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-17ubuntu2.1.diff.gz
Size/MD5: 109100 a98e53b6bd68efce6a0b4c0ad3a24d80
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-17ubuntu2.1.dsc
Size/MD5: 865 34b1c475aa3933d95901be238428b924
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r.orig.tar.gz
Size/MD5: 1992725 c261230b27fc0fbcc287c76884caf2d3

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux-loc=
ales_2.12r-17ubuntu2.1_all.deb
Size/MD5: 44988 69af31de05c3a8e7fc6f693572a2ff23

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12r=
-17ubuntu2.1_amd64.deb
Size/MD5: 71096 40f8b2e35b2100f58d1942e9e5cc1772
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.1=
2r-17ubuntu2.1_amd64.udeb
Size/MD5: 65082 398252dc85854c50fefb8b2d76f319a2
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12r-17=
ubuntu2.1_amd64.deb
Size/MD5: 195646 da3a145a93f1515451f5ab5ed5a7740f
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-17ubuntu2.1_amd64.deb
Size/MD5: 400806 e84c0a0683cc98e6713f6e4974f41085
http://security.ubuntu.com/ubuntu/pool/universe/u/util-linux/cfdisk-ude=
b_2.12r-17ubuntu2.1_amd64.udeb
Size/MD5: 485302 ffcee793560ed0cf14e317d062509dca

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12r=
-17ubuntu2.1_i386.deb
Size/MD5: 69674 23b78f3a8cf3c8f7a28322ba329f1d9f
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.1=
2r-17ubuntu2.1_i386.udeb
Size/MD5: 58380 435448ca928a18b2adb8191d92277704
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12r-17=
ubuntu2.1_i386.deb
Size/MD5: 187336 6291c54abce2cd34e50b5d3f88a2df5f
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-17ubuntu2.1_i386.deb
Size/MD5: 376748 3e714e4aa8f7f166fbc6001781775335
http://security.ubuntu.com/ubuntu/pool/universe/u/util-linux/cfdisk-ude=
b_2.12r-17ubuntu2.1_i386.udeb
Size/MD5: 483782 b77ffc94324dd26b8f6c09df92a982aa

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12r=
-17ubuntu2.1_powerpc.deb
Size/MD5: 72014 b7907757378492fdb225909472c06469
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.1=
2r-17ubuntu2.1_powerpc.udeb
Size/MD5: 66418 23c264a1b201adb3c67035b617c00e79
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12r-17=
ubuntu2.1_powerpc.deb
Size/MD5: 194292 d3abfc28e4a069e38bd7a1b4d477c56c
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-17ubuntu2.1_powerpc.deb
Size/MD5: 415928 497b860e715ac518acbdb85fc54ee7a1
http://security.ubuntu.com/ubuntu/pool/universe/u/util-linux/cfdisk-ude=
b_2.12r-17ubuntu2.1_powerpc.udeb
Size/MD5: 489348 28ff6843b647a5900aa6cae56fdd5094

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12r=
-17ubuntu2.1_sparc.deb
Size/MD5: 70492 2cdb53a81ed2e737a87c55b6aed743d0
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.1=
2r-17ubuntu2.1_sparc.udeb
Size/MD5: 38290 0fd59c31535bd82a74c9ed5a292cadad
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12r-17=
ubuntu2.1_sparc.deb
Size/MD5: 193684 4405c4176922a2bfcff0ed311dff468b
http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.1=
2r-17ubuntu2.1_sparc.deb
Size/MD5: 281288 5b7901a1124ce38ef8f0a57c4b8e0ba2


--zPXeIxDajdrcF2en
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHHO3KH/9LqRcGPm0RAlvWAJ9OtlWwggz0bETq8yTR/BNHVdtMOACeJQHb
KAzlY7aVDtSjGg1HJDZtJs4=
=eEsh
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_533_1_util_linux_vulnerability.html)