Security Advisory Moderate: util-linux security update

Advisory: RHSA-2007:0969-5
Type: Security Advisory
Severity: Moderate
Issued on: 2007-11-15
Last updated on: 2007-11-15
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20070969.xml
CVEs (cve.mitre.org): CVE-2007-5191

Details

Updated util-linux packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function.

A flaw was discovered in the way that the mount and umount utilities
used the setuid and setgid functions, which could lead to privileges being
dropped improperly. A local user could use this flaw to run mount helper
applications, such as mount.nfs, with additional privileges (CVE-2007-5191).

Users are advised to update to these erratum packages, which contain a
backported patch to correct this issue.
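
The defensive pattern for a setuid-root program that runs a helper on behalf of the invoking user, as an added example (not the backported patch and not util-linux code): change the group before the user, check every return value, and confirm the result before exec. The names `drop_privileges` and `run_helper` are hypothetical, `/bin/sh` is a constructed stand-in for a helper, and the sketch assumes the supplementary groups already belong to the invoking user.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently switch to uid/gid. Returns 0 on success, -1 on any failure.
 * The group is changed first, while the process is still privileged: once
 * setuid() has switched to a non-root user, setgid() fails with EPERM, and an
 * unchecked failure would leave the privileged effective gid in place. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0)                      /* 1. group first */
        return -1;
    if (setuid(uid) != 0)                      /* 2. then user; this can fail */
        return -1;
    if (getegid() != gid || geteuid() != uid)  /* 3. verify the result */
        return -1;
    if (uid != 0 && setuid(0) == 0)            /* 4. root must not be regainable */
        return -1;
    return 0;
}

/* Fork, drop to the invoking user's real IDs in the child, then exec the
 * helper. Returns the helper's exit status, or -1 on fork/wait failure. */
int run_helper(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(getuid(), getgid()) != 0)
            _exit(126);        /* refuse to exec with leftover privileges */
        execv(path, argv);
        _exit(127);            /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "sh", "-c", "exit 7", NULL };  /* constructed helper */
    printf("helper exit status: %d\n", run_helper("/bin/sh", argv));
    return 0;
}
```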


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
util-linux-2.11y-31.24.src.rpm     c8dca6be176c354618c990807ff3fc66
 
IA-32:
losetup-2.11y-31.24.i386.rpm     3abbd4266aa3f7864fa4aed635599240
mount-2.11y-31.24.i386.rpm     40ba72beac226a61aa4cf31a291e6830
util-linux-2.11y-31.24.i386.rpm     2d59da433560a41a7ae93ccfd07e71b2
 
x86_64:
losetup-2.11y-31.24.x86_64.rpm     4ad59d5036259f929da43ba69c34738d
mount-2.11y-31.24.x86_64.rpm     0e15083a039d371d5192a2c8096c10d2
util-linux-2.11y-31.24.x86_64.rpm     e091b661b1b72d58103025bc32624e23
 
Red Hat Desktop (v. 4)

SRPMS:
util-linux-2.12a-17.el4_6.1.src.rpm     4286e43dacfd8a817477e7f84e03d453     (File outdated by: RHBA-2008:0751)

IA-32:
util-linux-2.12a-17.el4_6.1.i386.rpm     65ea34354b8231e4450a9612100e571b     (File outdated by: RHBA-2008:0751)

x86_64:
util-linux-2.12a-17.el4_6.1.x86_64.rpm     b9d00ce643a33f03703024f1a26893b7     (File outdated by: RHBA-2008:0751)
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
util-linux-2.13-0.45.el5_1.1.src.rpm     a05c05b42aa2e25741a1f456c4277fc1     (File outdated by: RHBA-2008:0449)

IA-32:
util-linux-2.13-0.45.el5_1.1.i386.rpm     3ca3123bb60a84d87d3b388ea3fb371b     (File outdated by: RHBA-2008:0449)

IA-64:
util-linux-2.13-0.45.el5_1.1.ia64.rpm     f296fb66f3ad252cf2fdbf89ea48a130     (File outdated by: RHBA-2008:0449)

PPC:
util-linux-2.13-0.45.el5_1.1.ppc.rpm     037c563ef84fc50cbfcfcca5901d24c4     (File outdated by: RHBA-2008:0449)

s390x:
util-linux-2.13-0.45.el5_1.1.s390x.rpm     eb59f687c6d8cea4ae281ba6d24698e5     (File outdated by: RHBA-2008:0449)

x86_64:
util-linux-2.13-0.45.el5_1.1.x86_64.rpm     538da8fbecb1c218cbc91b25e64fe90a     (File outdated by: RHBA-2008:0449)
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
util-linux-2.11y-31.24.src.rpm     c8dca6be176c354618c990807ff3fc66
 
IA-32:
losetup-2.11y-31.24.i386.rpm     3abbd4266aa3f7864fa4aed635599240
mount-2.11y-31.24.i386.rpm     40ba72beac226a61aa4cf31a291e6830
util-linux-2.11y-31.24.i386.rpm     2d59da433560a41a7ae93ccfd07e71b2
 
IA-64:
losetup-2.11y-31.24.ia64.rpm     74cc943862f2a0f799d8a6ef23f607ea
mount-2.11y-31.24.ia64.rpm     b6de13019680ea1d206707c044c01477
util-linux-2.11y-31.24.ia64.rpm     10de76e9f049b44862894505db6b24d1
 
PPC:
losetup-2.11y-31.24.ppc.rpm     80dc38a98cadd1dff47e65a35db982f6
mount-2.11y-31.24.ppc.rpm     c5521b6183e456ab4c01d749d0a5e4f6
util-linux-2.11y-31.24.ppc.rpm     e6ed9283185c25e063642649485c99c8
 
s390:
losetup-2.11y-31.24.s390.rpm     2cd8b888ed5b0c2328e88daaf75afa22
mount-2.11y-31.24.s390.rpm     68363c1e2f2c1d6b91634fbc65f5cf77
util-linux-2.11y-31.24.s390.rpm     d6bcd2dafa3b637f8509eeac35bd3db6
 
s390x:
losetup-2.11y-31.24.s390x.rpm     e4c97ad371e73a8ef52e85e24efd9458
mount-2.11y-31.24.s390x.rpm     e22bf20509d377006a63d56ebf38d03f
util-linux-2.11y-31.24.s390x.rpm     660318e6e24ef3817332394bb253f63c
 
x86_64:
losetup-2.11y-31.24.x86_64.rpm     4ad59d5036259f929da43ba69c34738d
mount-2.11y-31.24.x86_64.rpm     0e15083a039d371d5192a2c8096c10d2
util-linux-2.11y-31.24.x86_64.rpm     e091b661b1b72d58103025bc32624e23
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
util-linux-2.12a-17.el4_6.1.src.rpm     4286e43dacfd8a817477e7f84e03d453     (File outdated by: RHBA-2008:0751)

IA-32:
util-linux-2.12a-17.el4_6.1.i386.rpm     65ea34354b8231e4450a9612100e571b     (File outdated by: RHBA-2008:0751)

IA-64:
util-linux-2.12a-17.el4_6.1.ia64.rpm     2e63367f64bded552f69a14a3139d6db     (File outdated by: RHBA-2008:0751)

PPC:
util-linux-2.12a-17.el4_6.1.ppc.rpm     206359916ef9906ac3094e8b73dc6717     (File outdated by: RHBA-2008:0751)

s390:
util-linux-2.12a-17.el4_6.1.s390.rpm     973c18aa91f600e389531a9a38ce5a5f     (File outdated by: RHBA-2008:0751)

s390x:
util-linux-2.12a-17.el4_6.1.s390x.rpm     2a9eec5e0618573c654f0a036aacc65b     (File outdated by: RHBA-2008:0751)

x86_64:
util-linux-2.12a-17.el4_6.1.x86_64.rpm     b9d00ce643a33f03703024f1a26893b7     (File outdated by: RHBA-2008:0751)
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
util-linux-2.13-0.45.el5_1.1.src.rpm     a05c05b42aa2e25741a1f456c4277fc1     (File outdated by: RHBA-2008:0449)

IA-32:
util-linux-2.13-0.45.el5_1.1.i386.rpm     3ca3123bb60a84d87d3b388ea3fb371b     (File outdated by: RHBA-2008:0449)

x86_64:
util-linux-2.13-0.45.el5_1.1.x86_64.rpm     538da8fbecb1c218cbc91b25e64fe90a     (File outdated by: RHBA-2008:0449)
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
util-linux-2.11y-31.24.src.rpm     c8dca6be176c354618c990807ff3fc66
 
IA-32:
losetup-2.11y-31.24.i386.rpm     3abbd4266aa3f7864fa4aed635599240
mount-2.11y-31.24.i386.rpm     40ba72beac226a61aa4cf31a291e6830
util-linux-2.11y-31.24.i386.rpm     2d59da433560a41a7ae93ccfd07e71b2
 
IA-64:
losetup-2.11y-31.24.ia64.rpm     74cc943862f2a0f799d8a6ef23f607ea
mount-2.11y-31.24.ia64.rpm     b6de13019680ea1d206707c044c01477
util-linux-2.11y-31.24.ia64.rpm     10de76e9f049b44862894505db6b24d1
 
x86_64:
losetup-2.11y-31.24.x86_64.rpm     4ad59d5036259f929da43ba69c34738d
mount-2.11y-31.24.x86_64.rpm     0e15083a039d371d5192a2c8096c10d2
util-linux-2.11y-31.24.x86_64.rpm     e091b661b1b72d58103025bc32624e23
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
util-linux-2.12a-17.el4_6.1.src.rpm     4286e43dacfd8a817477e7f84e03d453     (File outdated by: RHBA-2008:0751)

IA-32:
util-linux-2.12a-17.el4_6.1.i386.rpm     65ea34354b8231e4450a9612100e571b     (File outdated by: RHBA-2008:0751)

IA-64:
util-linux-2.12a-17.el4_6.1.ia64.rpm     2e63367f64bded552f69a14a3139d6db     (File outdated by: RHBA-2008:0751)

x86_64:
util-linux-2.12a-17.el4_6.1.x86_64.rpm     b9d00ce643a33f03703024f1a26893b7     (File outdated by: RHBA-2008:0751)
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
util-linux-2.11y-31.24.src.rpm     c8dca6be176c354618c990807ff3fc66
 
IA-32:
losetup-2.11y-31.24.i386.rpm     3abbd4266aa3f7864fa4aed635599240
mount-2.11y-31.24.i386.rpm     40ba72beac226a61aa4cf31a291e6830
util-linux-2.11y-31.24.i386.rpm     2d59da433560a41a7ae93ccfd07e71b2
 
IA-64:
losetup-2.11y-31.24.ia64.rpm     74cc943862f2a0f799d8a6ef23f607ea
mount-2.11y-31.24.ia64.rpm     b6de13019680ea1d206707c044c01477
util-linux-2.11y-31.24.ia64.rpm     10de76e9f049b44862894505db6b24d1
 
x86_64:
losetup-2.11y-31.24.x86_64.rpm     4ad59d5036259f929da43ba69c34738d
mount-2.11y-31.24.x86_64.rpm     0e15083a039d371d5192a2c8096c10d2
util-linux-2.11y-31.24.x86_64.rpm     e091b661b1b72d58103025bc32624e23
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
util-linux-2.12a-17.el4_6.1.src.rpm     4286e43dacfd8a817477e7f84e03d453     (File outdated by: RHBA-2008:0751)

IA-32:
util-linux-2.12a-17.el4_6.1.i386.rpm     65ea34354b8231e4450a9612100e571b     (File outdated by: RHBA-2008:0751)

IA-64:
util-linux-2.12a-17.el4_6.1.ia64.rpm     2e63367f64bded552f69a14a3139d6db     (File outdated by: RHBA-2008:0751)

x86_64:
util-linux-2.12a-17.el4_6.1.x86_64.rpm     b9d00ce643a33f03703024f1a26893b7     (File outdated by: RHBA-2008:0751)
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

320041 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/