CentOS Errata and Security Advisory CESA-2007:0969
The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function.
A flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper applications, such as mount.nfs, with additional privileges (CVE-2007-5191).
Users are advised to update to these erratum packages, which contain a backported patch to correct this issue.
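The CVE-2007-5191 record describes the flaw as calling setuid and setgid in the wrong order and not checking their return values. The following C sketch is an added example, not the util-linux patch: it shows a privilege drop done in the safe order with every result checked before a helper is executed. The names drop_privileges and run_helper_unprivileged and the /usr/bin/id helper path are assumptions made for illustration; supplementary groups are left as inherited from the invoking user.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently switch to uid/gid. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Group first: after setuid() the process may no longer be allowed
     * to change its GID, which would leave a privileged group in place. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Confirm that real and effective IDs are what was requested. */
    if (getgid() != gid || getegid() != gid)
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

/* Hypothetical wrapper: run a helper as the invoking user, or not at all.
 * Returns the helper's exit status, or -1 if it could not be run. */
int run_helper_unprivileged(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Fail closed: never exec the helper with leftover privileges. */
        if (drop_privileges(getuid(), getgid()) != 0)
            _exit(126);
        execv(path, argv);
        _exit(127); /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const argv[] = { "id", NULL }; /* constructed sample helper */
    int rc = run_helper_unprivileged("/usr/bin/id", argv);
    printf("helper exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

When built setuid-root and started by an ordinary user, the helper's output should show that user's IDs for both the real and effective fields.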
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2007-November/026472.html
http://lists.centos.org/pipermail/centos-announce/2007-November/026473.html
http://lists.centos.org/pipermail/centos-announce/2007-November/026474.html
http://lists.centos.org/pipermail/centos-announce/2007-November/026483.html
http://lists.centos.org/pipermail/centos-announce/2007-November/026488.html
http://lists.centos.org/pipermail/centos-announce/2007-November/026489.html
Affected packages: losetup, mount, util-linux
Upstream details at: https://rhn.redhat.com/errata/RHSA-2007-0969.html