Login
Newsletter
Werbung
Sicherheit: Mangelnde Rechteprüfung in util-linux
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in util-linux
ID: MDKSA-2005:167
Distribution: Mandriva
Plattformen: Mandriva 10.0, Mandriva 10.1, Mandriva Corporate 3.0, Mandriva Corporate Server 2.1, Mandriva 10.2, Mandriva Multi Network Firewall 2.0
Datum: Mi, 21. September 2005, 05:02
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2876
Applikationen: util-linux

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1127271438-805-4276

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           util-linux
 Advisory ID:            MDKSA-2005:167
 Date:                   September 20th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1,
			 Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 David Watson disovered that the umount utility, when using the "-r"
 cpmmand, could remove some restrictive mount options such as "nosuid".
 IF /etc/fstab contained user-mountable removable devices that specified
 nosuid, a local attacker could exploit this flaw to execute arbitrary
 programs with root privileges by calling "umount -r" on a removable
 device.
 
 The updated packages have been patched to ensure that "-r" can only
 be called by the root user.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2876
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 e28c42b0a18bf906ea339ffeb02d3320  10.0/RPMS/losetup-2.12-2.1.100mdk.i586.rpm
 6dd9d97f688ab7b872dba55b9c427935  10.0/RPMS/mount-2.12-2.1.100mdk.i586.rpm
 b23bbbec6f75fbe1f2137f1335f782f9 
 10.0/RPMS/util-linux-2.12-2.1.100mdk.i586.rpm
 0c84336fe4e647fe4b35686e6e938a8f 
 10.0/SRPMS/util-linux-2.12-2.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 1c972124af9eba5acc9691931e5629c8 
 amd64/10.0/RPMS/losetup-2.12-2.1.100mdk.amd64.rpm
 2a0367d603f4c8e893e7f0ec158132e5 
 amd64/10.0/RPMS/mount-2.12-2.1.100mdk.amd64.rpm
 4fe57def6145640a886feb35deb77a6d 
 amd64/10.0/RPMS/util-linux-2.12-2.1.100mdk.amd64.rpm
 0c84336fe4e647fe4b35686e6e938a8f 
 amd64/10.0/SRPMS/util-linux-2.12-2.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 658b5ee36c137e2533397ac71aa86e0e  10.1/RPMS/losetup-2.12a-5.1.101mdk.i586.rpm
 b15ae4dbd367fcd46e38d418bb3d1a86  10.1/RPMS/mount-2.12a-5.1.101mdk.i586.rpm
 701b35a4588f4ce5879b651724f72a1d 
 10.1/RPMS/util-linux-2.12a-5.1.101mdk.i586.rpm
 f1bbf1462e0f0987ce110388bd2e8d48 
 10.1/SRPMS/util-linux-2.12a-5.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 fbd4672670283fd495a652d0338467d4 
 x86_64/10.1/RPMS/losetup-2.12a-5.1.101mdk.x86_64.rpm
 b1773a98c38538db35e2c4fd8aa5e100 
 x86_64/10.1/RPMS/mount-2.12a-5.1.101mdk.x86_64.rpm
 8a4e15cdaaa7efe10c7830a9cda27523 
 x86_64/10.1/RPMS/util-linux-2.12a-5.1.101mdk.x86_64.rpm
 f1bbf1462e0f0987ce110388bd2e8d48 
 x86_64/10.1/SRPMS/util-linux-2.12a-5.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 8314ea4ec99e8e603fb2da6941aae1d9  10.2/RPMS/losetup-2.12a-12.1.102mdk.i586.rpm
 2a8a83e0e36295db943fc51a4aee863f  10.2/RPMS/mount-2.12a-12.1.102mdk.i586.rpm
 01a4abab8ec329a29cf2310d8ee006d9 
 10.2/RPMS/util-linux-2.12a-12.1.102mdk.i586.rpm
 2bedcdeed443ed6438f290dff54038b5 
 10.2/SRPMS/util-linux-2.12a-12.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 73e23481f84309a90b99394468885e20 
 x86_64/10.2/RPMS/losetup-2.12a-12.1.102mdk.x86_64.rpm
 8dc01cc71d8b32fbba41d1936c861534 
 x86_64/10.2/RPMS/mount-2.12a-12.1.102mdk.x86_64.rpm
 441ce68e9e3b07c807bb5486adde1903 
 x86_64/10.2/RPMS/util-linux-2.12a-12.1.102mdk.x86_64.rpm
 2bedcdeed443ed6438f290dff54038b5 
 x86_64/10.2/SRPMS/util-linux-2.12a-12.1.102mdk.src.rpm

 Multi Network Firewall 2.0:
 765b0e93637cce9d5b623a81bdc81e6e 
 mnf/2.0/RPMS/losetup-2.12-2.1.M20mdk.i586.rpm
 782d8a37c484ab76ae766dddcce2173e  mnf/2.0/RPMS/mount-2.12-2.1.M20mdk.i586.rpm
 d6f35d4ccdb1cb9dcd21218ca5d6da72 
 mnf/2.0/RPMS/util-linux-2.12-2.1.M20mdk.i586.rpm
 360a0c2f0e8d383b09a7eb44d1e654a2 
 mnf/2.0/SRPMS/util-linux-2.12-2.1.M20mdk.src.rpm

 Corporate Server 2.1:
 d560b7038ca8ae848b24414858fac1ef 
 corporate/2.1/RPMS/losetup-2.11u-5.1.C21mdk.i586.rpm
 81bf701d8b8129c0809c37205d4fbad0 
 corporate/2.1/RPMS/mount-2.11u-5.1.C21mdk.i586.rpm
 321463758b000a1e7348111f7bea2959 
 corporate/2.1/RPMS/util-linux-2.11u-5.1.C21mdk.i586.rpm
 b1d2f438863cd5c807548ec4209b0179 
 corporate/2.1/SRPMS/util-linux-2.11u-5.1.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 141b7b38947d1fd2ef4088ba20e093f1 
 x86_64/corporate/2.1/RPMS/losetup-2.11u-5.1.C21mdk.x86_64.rpm
 ddb3ee3ebe56b399ff881806f9cd8832 
 x86_64/corporate/2.1/RPMS/mount-2.11u-5.1.C21mdk.x86_64.rpm
 a61050516b99231bca46507fa94aa5e8 
 x86_64/corporate/2.1/RPMS/util-linux-2.11u-5.1.C21mdk.x86_64.rpm
 b1d2f438863cd5c807548ec4209b0179 
 x86_64/corporate/2.1/SRPMS/util-linux-2.11u-5.1.C21mdk.src.rpm

 Corporate 3.0:
 bbcce593f1b51833383997590a13b834 
 corporate/3.0/RPMS/losetup-2.12-2.1.C30mdk.i586.rpm
 bb38ae724541d9c73ac64d382d4839e8 
 corporate/3.0/RPMS/mount-2.12-2.1.C30mdk.i586.rpm
 55420d5f1fa9c7cc7f6e42f61c0428fc 
 corporate/3.0/RPMS/util-linux-2.12-2.1.C30mdk.i586.rpm
 28f6b881c65662695c84ac100ea9d012 
 corporate/3.0/SRPMS/util-linux-2.12-2.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3d96c512a6eaf548bef73c7fc3db5012 
 x86_64/corporate/3.0/RPMS/losetup-2.12-2.1.C30mdk.x86_64.rpm
 21d37d4ebb7943cf412a3bb423808fc5 
 x86_64/corporate/3.0/RPMS/mount-2.12-2.1.C30mdk.x86_64.rpm
 75fa21eea372a790a6f1c3a8a120cb7e 
 x86_64/corporate/3.0/RPMS/util-linux-2.12-2.1.C30mdk.x86_64.rpm
 28f6b881c65662695c84ac100ea9d012 
 x86_64/corporate/3.0/SRPMS/util-linux-2.12-2.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDMMknmqjQ0CJFipgRApl5AJ0V55xXLK1r3ouZPPIUb8A60mkI7wCgtSbn
J05gUpwFuw1ODdAHxOyfYo4=
=smMW
-----END PGP SIGNATURE-----


------------=_1127271438-805-4276
Content-Type: text/plain; name="message.footer"
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1127271438-805-4276--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung