libblkid, libmount, libuuid, util, uuidd security update

CentOS Errata and Security Advisory CESA-2016:2605

The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program.

Security Fix(es):

• It was found that util-linux’s libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine. (CVE-2016-5011)

Red Hat would like to thank Michael Gruhn for reporting this issue. Upstream acknowledges Christian Moch as the original reporter.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2016-November/029819.html

Affected packages:
libblkid
libblkid-devel
libmount
libmount-devel
libuuid
libuuid-devel
util-linux
uuidd

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:2605