Lucene search

Gentoo FoundationMGASA-2016-0256

HistoryJul 14, 2016 - 11:33 p.m.

Updated util-linux packages fix security vulnerability

2016-07-1423:33:59

Gentoo Foundation

advisories.mageia.org

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

52.4%

JSON

The util-linux libblkid is vulnerable to a Denial of Service attack during MSDOS partition table parsing, in the extended partition boot record (EBR). If the next EBR starts at relative offset 0, parse_dos_extended() will loop until running out of memory. An attacker could install a specially crafted MSDOS partition table in a storage device and trick a user into using it. This library is used, among others, by systemd-udevd daemon (CVE-2016-5011).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchutil-linux< 2.25.2-3.4util-linux-2.25.2-3.4.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	util-linux	< 2.25.2-3.4	util-linux-2.25.2-3.4.mga5

References

openwall.com/lists/oss-security/2016/07/11/2

bugs.mageia.org/show_bug.cgi?id=18922

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for MGASA-2016-0256