losetup, mount, util security update

2007-11-15T19:24:57
ID CESA-2007:0969
Type centos
Reporter CentOS Project
Modified 2007-11-16T17:31:10

Description

CentOS Errata and Security Advisory CESA-2007:0969

The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function.

A flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper applications such as, mount.nfs, with additional privileges (CVE-2007-5191).

Users are advised to update to these erratum packages which contain a backported patch to correct this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2007-November/026472.html http://lists.centos.org/pipermail/centos-announce/2007-November/026473.html http://lists.centos.org/pipermail/centos-announce/2007-November/026474.html http://lists.centos.org/pipermail/centos-announce/2007-November/026483.html http://lists.centos.org/pipermail/centos-announce/2007-November/026488.html http://lists.centos.org/pipermail/centos-announce/2007-November/026489.html

Affected packages: losetup mount util-linux

Upstream details at: https://rhn.redhat.com/errata/RHSA-2007-0969.html