Security Advisory Low: util-linux security and bug fix update

Advisory: RHSA-2007:0235-2
Type: Security Advisory
Severity: Low
Issued on: 2007-05-01
Last updated on: 2007-05-01
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20070235.xml
CVEs (cve.mitre.org): CVE-2006-7108

Details

An updated util-linux package that corrects a security issue and fixes
several bugs is now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

The util-linux package contains a collection of basic system utilities.

A flaw was found in the way the login process handled logins which did not
require authentication. Certain processes which conduct their own
authentication could allow a remote user to bypass intended access policies
which would normally be enforced by the login process. (CVE-2006-7108)

This update also fixes the following bugs:

* The partx, addpart and delpart commands were not documented.

* The "umount -l" command did not work on hung NFS mounts with cached data.

* The mount command did not mount NFS V3 share where sec=none was specified.

* The mount command did not read filesystem LABEL from unpartitioned disks.

* The mount command did not recognize labels on VFAT filesystems.

* The fdisk command did not support 4096 sector size for the "-b" option.

* The mount man page did not list option "mand" or information about
/etc/mtab limitations.

All users of util-linux should upgrade to these updated packages, which
contain backported patches to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
util-linux-2.12a-16.EL4.25.src.rpm
File outdated by:  RHSA-2009:0981		     b55ecbe0eac80ed7482e5e31265eb372
 
IA-32:
util-linux-2.12a-16.EL4.25.i386.rpm
File outdated by:  RHSA-2009:0981		     ff7c2ff0b317f3d23d8c86f07d101c55
 
x86_64:
util-linux-2.12a-16.EL4.25.x86_64.rpm
File outdated by:  RHSA-2009:0981		     4566fc204cdc0b6420f71f87959b82e2
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
util-linux-2.12a-16.EL4.25.src.rpm
File outdated by:  RHSA-2009:0981		     b55ecbe0eac80ed7482e5e31265eb372
 
IA-32:
util-linux-2.12a-16.EL4.25.i386.rpm
File outdated by:  RHSA-2009:0981		     ff7c2ff0b317f3d23d8c86f07d101c55
 
IA-64:
util-linux-2.12a-16.EL4.25.ia64.rpm
File outdated by:  RHSA-2009:0981		     111cedb53d72339a1eb57880a463f669
 
PPC:
util-linux-2.12a-16.EL4.25.ppc.rpm
File outdated by:  RHSA-2009:0981		     900880d8faadebd6216952c6eaa8ee31
 
s390:
util-linux-2.12a-16.EL4.25.s390.rpm
File outdated by:  RHSA-2009:0981		     85ab4e837ed645340d8d31687c9c2543
 
s390x:
util-linux-2.12a-16.EL4.25.s390x.rpm
File outdated by:  RHSA-2009:0981		     051a5321c719ee77c56f218a4f360b7d
 
x86_64:
util-linux-2.12a-16.EL4.25.x86_64.rpm
File outdated by:  RHSA-2009:0981		     4566fc204cdc0b6420f71f87959b82e2
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
util-linux-2.12a-16.EL4.25.src.rpm
File outdated by:  RHSA-2009:0981		     b55ecbe0eac80ed7482e5e31265eb372
 
IA-32:
util-linux-2.12a-16.EL4.25.i386.rpm
File outdated by:  RHSA-2009:0981		     ff7c2ff0b317f3d23d8c86f07d101c55
 
IA-64:
util-linux-2.12a-16.EL4.25.ia64.rpm
File outdated by:  RHSA-2009:0981		     111cedb53d72339a1eb57880a463f669
 
x86_64:
util-linux-2.12a-16.EL4.25.x86_64.rpm
File outdated by:  RHSA-2009:0981		     4566fc204cdc0b6420f71f87959b82e2
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
util-linux-2.12a-16.EL4.25.src.rpm
File outdated by:  RHSA-2009:0981		     b55ecbe0eac80ed7482e5e31265eb372
 
IA-32:
util-linux-2.12a-16.EL4.25.i386.rpm
File outdated by:  RHSA-2009:0981		     ff7c2ff0b317f3d23d8c86f07d101c55
 
IA-64:
util-linux-2.12a-16.EL4.25.ia64.rpm
File outdated by:  RHSA-2009:0981		     111cedb53d72339a1eb57880a463f669
 
x86_64:
util-linux-2.12a-16.EL4.25.x86_64.rpm
File outdated by:  RHSA-2009:0981		     4566fc204cdc0b6420f71f87959b82e2
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

169299 - umount -l should work on hung NFS mounts with cached data
177331 - CVE-2006-7108 login omits pam_acct_mgmt & pam_chauthtok when authentication is skipped.
187370 - Unable to mount NFS V3 share where sec=none is specified
188099 - can't mount iscsi ext3 fs by label.
197768 - man mount' does not list option 'mand'


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7108
http://www.redhat.com/security/updates/classification/#low

Keywords

fdisk, login, mount

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/