centos | CentOS Project | CESA-2017:0907
History: Apr 13, 2017 - 10:59 a.m.

libblkid, libmount, libuuid, util, uuidd security update

2017-04-13 10:59:33
CentOS Project
lists.centos.org
CVSS3: 4.7 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4.7 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

EPSS: 0.0004 Low
Percentile: 5.3%

CentOS Errata and Security Advisory CESA-2017:0907

The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program.

Security Fix(es):

  • A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. (CVE-2017-2616)

Red Hat would like to thank Tobias Stöckmann for reporting this issue.

Bug Fix(es):

  • The “findmnt --target <path>” command prints all file systems where the mount point directory is <path>. Previously, when used in the chroot environment, “findmnt --target <path>” incorrectly displayed all mount points. The command has been fixed so that it now checks the mount point path and returns information only for the relevant mount point. (BZ#1414481)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2017-April/084538.html

Affected packages:
libblkid
libblkid-devel
libmount
libmount-devel
libuuid
libuuid-devel
util-linux
uuidd

Upstream details at:
https://access.redhat.com/errata/RHSA-2017:0907
