Security Advisory Moderate: util-linux security update

Advisory: RHSA-2007:0969-5
Type: Security Advisory
Severity: Moderate
Issued on: 2007-11-15
Last updated on: 2007-11-15
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.6.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.6.z)
Red Hat Enterprise Linux EUS (v. 5.1.z server)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-5191

Details

Updated util-linux packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function.

A flaw was discovered in the way that the mount and umount utilities
used the setuid and setgid functions, which could lead to privileges being
dropped improperly. A local user could use this flaw to run mount helper
applications, such as mount.nfs, with additional privileges (CVE-2007-5191).
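
The privilege-drop pattern that guards against this class of flaw, shown as an added C example (this is not the backported patch and not util-linux or Red Hat code): the group is set before the user, every return value is checked, and the helper is never executed if the drop fails. The names `drop_privs_permanently` and `run_helper_as` are hypothetical, and `/bin/sh -c 'exit 7'` is a constructed stand-in for a mount helper.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently switch to uid/gid. Returns 0 on success, -1 on any failure;
 * on -1 the caller must stop, never continue with whatever IDs remain.
 * Covers only setuid/setgid, the calls the advisory names; a complete
 * drop from root also resets supplementary groups with setgroups(). */
int drop_privs_permanently(uid_t uid, gid_t gid)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();

    /* Group before user: once setuid() gives up root, setgid() is refused. */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;   /* can fail, e.g. with EAGAIN or EPERM */

    /* Trust nothing: confirm the IDs changed and cannot be restored. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (old_euid != uid && seteuid(old_euid) == 0) return -1;
    if (old_egid != gid && setegid(old_egid) == 0) return -1;
    return 0;
}

/* Run a helper as uid/gid. Returns its exit status, or -1 on fork/wait error.
 * 126 means the child refused to exec because the drop failed. */
int run_helper_as(const char *path, char *const argv[], uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privs_permanently(uid, gid) != 0) _exit(126);
        execv(path, argv);
        _exit(127);                    /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed stand-in for a helper such as mount.nfs. */
    char *argv[] = { "sh", "-c", "exit 7", NULL };
    return run_helper_as("/bin/sh", argv, getuid(), getgid()) == 7 ? 0 : 1;
}
```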

Users are advised to update to these erratum packages which contain a
backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

IA-32:
losetup-2.11y-31.24.i386.rpm     MD5: 3abbd4266aa3f7864fa4aed635599240
mount-2.11y-31.24.i386.rpm     MD5: 40ba72beac226a61aa4cf31a291e6830
util-linux-2.11y-31.24.i386.rpm     MD5: 2d59da433560a41a7ae93ccfd07e71b2
 
x86_64:
losetup-2.11y-31.24.x86_64.rpm     MD5: 4ad59d5036259f929da43ba69c34738d
mount-2.11y-31.24.x86_64.rpm     MD5: 0e15083a039d371d5192a2c8096c10d2
util-linux-2.11y-31.24.x86_64.rpm     MD5: e091b661b1b72d58103025bc32624e23
 
Red Hat Desktop (v. 4)

SRPMS:
util-linux-2.12a-17.el4_6.1.src.rpm
File outdated by:  RHBA-2011:0233
    MD5: 4286e43dacfd8a817477e7f84e03d453
 
IA-32:
util-linux-2.12a-17.el4_6.1.i386.rpm
File outdated by:  RHBA-2011:0233
    MD5: 65ea34354b8231e4450a9612100e571b
 
x86_64:
util-linux-2.12a-17.el4_6.1.x86_64.rpm
File outdated by:  RHBA-2011:0233
    MD5: b9d00ce643a33f03703024f1a26893b7
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
util-linux-2.13-0.45.el5_1.1.src.rpm
File outdated by:  RHBA-2012:1437
    MD5: a05c05b42aa2e25741a1f456c4277fc1
 
IA-32:
util-linux-2.13-0.45.el5_1.1.i386.rpm
File outdated by:  RHBA-2012:1437
    MD5: 3ca3123bb60a84d87d3b388ea3fb371b
 
IA-64:
util-linux-2.13-0.45.el5_1.1.ia64.rpm
File outdated by:  RHBA-2012:1437
    MD5: f296fb66f3ad252cf2fdbf89ea48a130
 
PPC:
util-linux-2.13-0.45.el5_1.1.ppc.rpm
File outdated by:  RHBA-2012:1437
    MD5: 037c563ef84fc50cbfcfcca5901d24c4
 
s390x:
util-linux-2.13-0.45.el5_1.1.s390x.rpm
File outdated by:  RHBA-2012:1437
    MD5: eb59f687c6d8cea4ae281ba6d24698e5
 
x86_64:
util-linux-2.13-0.45.el5_1.1.x86_64.rpm
File outdated by:  RHBA-2012:1437
    MD5: 538da8fbecb1c218cbc91b25e64fe90a
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
losetup-2.11y-31.24.i386.rpm     MD5: 3abbd4266aa3f7864fa4aed635599240
mount-2.11y-31.24.i386.rpm     MD5: 40ba72beac226a61aa4cf31a291e6830
util-linux-2.11y-31.24.i386.rpm     MD5: 2d59da433560a41a7ae93ccfd07e71b2
 
IA-64:
losetup-2.11y-31.24.ia64.rpm     MD5: 74cc943862f2a0f799d8a6ef23f607ea
mount-2.11y-31.24.ia64.rpm     MD5: b6de13019680ea1d206707c044c01477
util-linux-2.11y-31.24.ia64.rpm     MD5: 10de76e9f049b44862894505db6b24d1
 
PPC:
losetup-2.11y-31.24.ppc.rpm     MD5: 80dc38a98cadd1dff47e65a35db982f6
mount-2.11y-31.24.ppc.rpm     MD5: c5521b6183e456ab4c01d749d0a5e4f6
util-linux-2.11y-31.24.ppc.rpm     MD5: e6ed9283185c25e063642649485c99c8
 
s390:
losetup-2.11y-31.24.s390.rpm     MD5: 2cd8b888ed5b0c2328e88daaf75afa22
mount-2.11y-31.24.s390.rpm     MD5: 68363c1e2f2c1d6b91634fbc65f5cf77
util-linux-2.11y-31.24.s390.rpm     MD5: d6bcd2dafa3b637f8509eeac35bd3db6
 
s390x:
losetup-2.11y-31.24.s390x.rpm     MD5: e4c97ad371e73a8ef52e85e24efd9458
mount-2.11y-31.24.s390x.rpm     MD5: e22bf20509d377006a63d56ebf38d03f
util-linux-2.11y-31.24.s390x.rpm     MD5: 660318e6e24ef3817332394bb253f63c
 
x86_64:
losetup-2.11y-31.24.x86_64.rpm     MD5: 4ad59d5036259f929da43ba69c34738d
mount-2.11y-31.24.x86_64.rpm     MD5: 0e15083a039d371d5192a2c8096c10d2
util-linux-2.11y-31.24.x86_64.rpm     MD5: e091b661b1b72d58103025bc32624e23
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
util-linux-2.12a-17.el4_6.1.src.rpm
File outdated by:  RHBA-2011:0233
    MD5: 4286e43dacfd8a817477e7f84e03d453
 
IA-32:
util-linux-2.12a-17.el4_6.1.i386.rpm
File outdated by:  RHBA-2011:0233
    MD5: 65ea34354b8231e4450a9612100e571b
 
IA-64:
util-linux-2.12a-17.el4_6.1.ia64.rpm
File outdated by:  RHBA-2011:0233
    MD5: 2e63367f64bded552f69a14a3139d6db
 
PPC:
util-linux-2.12a-17.el4_6.1.ppc.rpm
File outdated by:  RHBA-2011:0233
    MD5: 206359916ef9906ac3094e8b73dc6717
 
s390:
util-linux-2.12a-17.el4_6.1.s390.rpm
File outdated by:  RHBA-2011:0233
    MD5: 973c18aa91f600e389531a9a38ce5a5f
 
s390x:
util-linux-2.12a-17.el4_6.1.s390x.rpm
File outdated by:  RHBA-2011:0233
    MD5: 2a9eec5e0618573c654f0a036aacc65b
 
x86_64:
util-linux-2.12a-17.el4_6.1.x86_64.rpm
File outdated by:  RHBA-2011:0233
    MD5: b9d00ce643a33f03703024f1a26893b7
 
Red Hat Enterprise Linux AS (v. 4.6.z)

SRPMS:
util-linux-2.12a-17.el4_6.1.src.rpm
File outdated by:  RHBA-2011:0233
    MD5: 4286e43dacfd8a817477e7f84e03d453
 
IA-32:
util-linux-2.12a-17.el4_6.1.i386.rpm     MD5: 65ea34354b8231e4450a9612100e571b
 
IA-64:
util-linux-2.12a-17.el4_6.1.ia64.rpm     MD5: 2e63367f64bded552f69a14a3139d6db
 
PPC:
util-linux-2.12a-17.el4_6.1.ppc.rpm     MD5: 206359916ef9906ac3094e8b73dc6717
 
s390:
util-linux-2.12a-17.el4_6.1.s390.rpm     MD5: 973c18aa91f600e389531a9a38ce5a5f
 
s390x:
util-linux-2.12a-17.el4_6.1.s390x.rpm     MD5: 2a9eec5e0618573c654f0a036aacc65b
 
x86_64:
util-linux-2.12a-17.el4_6.1.x86_64.rpm     MD5: b9d00ce643a33f03703024f1a26893b7
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
util-linux-2.13-0.45.el5_1.1.src.rpm
File outdated by:  RHBA-2012:1437
    MD5: a05c05b42aa2e25741a1f456c4277fc1
 
IA-32:
util-linux-2.13-0.45.el5_1.1.i386.rpm
File outdated by:  RHBA-2012:1437
    MD5: 3ca3123bb60a84d87d3b388ea3fb371b
 
x86_64:
util-linux-2.13-0.45.el5_1.1.x86_64.rpm
File outdated by:  RHBA-2012:1437
    MD5: 538da8fbecb1c218cbc91b25e64fe90a
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
losetup-2.11y-31.24.i386.rpm     MD5: 3abbd4266aa3f7864fa4aed635599240
mount-2.11y-31.24.i386.rpm     MD5: 40ba72beac226a61aa4cf31a291e6830
util-linux-2.11y-31.24.i386.rpm     MD5: 2d59da433560a41a7ae93ccfd07e71b2
 
IA-64:
losetup-2.11y-31.24.ia64.rpm     MD5: 74cc943862f2a0f799d8a6ef23f607ea
mount-2.11y-31.24.ia64.rpm     MD5: b6de13019680ea1d206707c044c01477
util-linux-2.11y-31.24.ia64.rpm     MD5: 10de76e9f049b44862894505db6b24d1
 
x86_64:
losetup-2.11y-31.24.x86_64.rpm     MD5: 4ad59d5036259f929da43ba69c34738d
mount-2.11y-31.24.x86_64.rpm     MD5: 0e15083a039d371d5192a2c8096c10d2
util-linux-2.11y-31.24.x86_64.rpm     MD5: e091b661b1b72d58103025bc32624e23
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
util-linux-2.12a-17.el4_6.1.src.rpm
File outdated by:  RHBA-2011:0233
    MD5: 4286e43dacfd8a817477e7f84e03d453
 
IA-32:
util-linux-2.12a-17.el4_6.1.i386.rpm
File outdated by:  RHBA-2011:0233
    MD5: 65ea34354b8231e4450a9612100e571b
 
IA-64:
util-linux-2.12a-17.el4_6.1.ia64.rpm
File outdated by:  RHBA-2011:0233
    MD5: 2e63367f64bded552f69a14a3139d6db
 
x86_64:
util-linux-2.12a-17.el4_6.1.x86_64.rpm
File outdated by:  RHBA-2011:0233
    MD5: b9d00ce643a33f03703024f1a26893b7
 
Red Hat Enterprise Linux ES (v. 4.6.z)

SRPMS:
util-linux-2.12a-17.el4_6.1.src.rpm
File outdated by:  RHBA-2011:0233
    MD5: 4286e43dacfd8a817477e7f84e03d453
 
IA-32:
util-linux-2.12a-17.el4_6.1.i386.rpm     MD5: 65ea34354b8231e4450a9612100e571b
 
IA-64:
util-linux-2.12a-17.el4_6.1.ia64.rpm     MD5: 2e63367f64bded552f69a14a3139d6db
 
x86_64:
util-linux-2.12a-17.el4_6.1.x86_64.rpm     MD5: b9d00ce643a33f03703024f1a26893b7
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
util-linux-2.13-0.45.el5_1.1.src.rpm
File outdated by:  RHBA-2012:1437
    MD5: a05c05b42aa2e25741a1f456c4277fc1
 
IA-32:
util-linux-2.13-0.45.el5_1.1.i386.rpm     MD5: 3ca3123bb60a84d87d3b388ea3fb371b
 
IA-64:
util-linux-2.13-0.45.el5_1.1.ia64.rpm     MD5: f296fb66f3ad252cf2fdbf89ea48a130
 
PPC:
util-linux-2.13-0.45.el5_1.1.ppc.rpm     MD5: 037c563ef84fc50cbfcfcca5901d24c4
 
s390x:
util-linux-2.13-0.45.el5_1.1.s390x.rpm     MD5: eb59f687c6d8cea4ae281ba6d24698e5
 
x86_64:
util-linux-2.13-0.45.el5_1.1.x86_64.rpm     MD5: 538da8fbecb1c218cbc91b25e64fe90a
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
losetup-2.11y-31.24.i386.rpm     MD5: 3abbd4266aa3f7864fa4aed635599240
mount-2.11y-31.24.i386.rpm     MD5: 40ba72beac226a61aa4cf31a291e6830
util-linux-2.11y-31.24.i386.rpm     MD5: 2d59da433560a41a7ae93ccfd07e71b2
 
IA-64:
losetup-2.11y-31.24.ia64.rpm     MD5: 74cc943862f2a0f799d8a6ef23f607ea
mount-2.11y-31.24.ia64.rpm     MD5: b6de13019680ea1d206707c044c01477
util-linux-2.11y-31.24.ia64.rpm     MD5: 10de76e9f049b44862894505db6b24d1
 
x86_64:
losetup-2.11y-31.24.x86_64.rpm     MD5: 4ad59d5036259f929da43ba69c34738d
mount-2.11y-31.24.x86_64.rpm     MD5: 0e15083a039d371d5192a2c8096c10d2
util-linux-2.11y-31.24.x86_64.rpm     MD5: e091b661b1b72d58103025bc32624e23
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
util-linux-2.12a-17.el4_6.1.src.rpm
File outdated by:  RHBA-2011:0233
    MD5: 4286e43dacfd8a817477e7f84e03d453
 
IA-32:
util-linux-2.12a-17.el4_6.1.i386.rpm
File outdated by:  RHBA-2011:0233
    MD5: 65ea34354b8231e4450a9612100e571b
 
IA-64:
util-linux-2.12a-17.el4_6.1.ia64.rpm
File outdated by:  RHBA-2011:0233
    MD5: 2e63367f64bded552f69a14a3139d6db
 
x86_64:
util-linux-2.12a-17.el4_6.1.x86_64.rpm
File outdated by:  RHBA-2011:0233
    MD5: b9d00ce643a33f03703024f1a26893b7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

320041 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/