Hosting Provided By

[SECURITY] [DSA 1450-1] New util-linux packages fix programming error

From: Steve Kemp <skx(at)debian.org>
Date: Sat Jan 05 2008 - 10:10:06 EST

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

------------------------------------------------------------------------ Debian Security Advisory DSA-1450-1 security@debian.org http://www.debian.org/security/ Steve Kemp January 05, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : util-linux
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-5191
Debian Bug     : XXX

It was discovered that util-linux, Miscellaneous system utilities, didn't drop privileged users and groups in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.

For the stable distribution (etch), this problem has been fixed in version 2.12r-19etch1.

For the old stable distribution (sarge), this problem has been fixed in version 2.12p-4sarge2.

We recommend that you upgrade your util-linux package.

Upgrade instructions

- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

Do you need help?

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

- --------------------------------

Source archives:

  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2.dsc
    Size/MD5 checksum:      712 c16f823e59f4e6e844abb42a5d0d74c5
  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2.diff.gz
    Size/MD5 checksum:    74396 9e13a2463ef33b2bd1596072742f8da8
  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p.orig.tar.gz
    Size/MD5 checksum:  2001658 d47e820f6880c21c8b4c0c7e8a7376cc

Architecture independent packages:

http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.12p-4sarge2_all.deb Size/MD5 checksum: 1070176 a6404671c68d7f06a9da77b1dafc7a42

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_alpha.deb
    Size/MD5 checksum:   440162 5d79ed3df525038d07eee80e2872e625
  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_alpha.deb
    Size/MD5 checksum:   161046 c8f09ca56ba1d2e557ca8c730b02585e
  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_alpha.deb
    Size/MD5 checksum:    69054 6b36255a732ac7b3bddb4ed53d202e55
  
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_alpha.udeb
    Size/MD5 checksum:   563462 dd3b17badda1e17440a29cc29ff439a4

Do you need more help?

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_arm.deb
    Size/MD5 checksum:   387470 3df157ef832ed95ac9f92ff94383a7f1
  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_arm.deb
    Size/MD5 checksum:    65422 c57935c9e9d5e3d9c3bbdda78b0047b1
  
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_arm.udeb
    Size/MD5 checksum:   548928 c29b3f44c372b9129138d89ab17178a7
  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_arm.deb
    Size/MD5 checksum:   136594 6f762a670c52c716ef21b0fdca700447

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_hppa.deb
    Size/MD5 checksum:   423190 d15fcccebc85a5c173eb862eed237cab
  
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_hppa.udeb
    Size/MD5 checksum:   562828 4b3f69108bacc9f576125d55b450158d
  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_hppa.deb
    Size/MD5 checksum:   149524 a7f26a0b62035eb0f395db4a0fb05cf6
  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_hppa.deb
    Size/MD5 checksum:    68018 2966417cb1dbb3bd7321e78cf819953b

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_i386.udeb
    Size/MD5 checksum:   541402 f73c85cc3e687ce28163e1ec10aa25e6
  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_i386.deb
    Size/MD5 checksum:    65834 198a771b904f201e49d04a0a401f02ea
  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_i386.deb
    Size/MD5 checksum:   380538 c2cba4219351e9af5a90e772461d7015
  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_i386.deb
    Size/MD5 checksum:   140038 41d4c24fcd78ef78253ffe7d0dceab22

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_ia64.deb
    Size/MD5 checksum:   507372 f5cfadc062f43cada6e6647770df546c
  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_ia64.deb
    Size/MD5 checksum:    71636 3271e6449d3d26f3a12a3515b27bc1c6
Can we help you? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related lists.debian.org Links
debian-announce
debian-apache
debian-arm-changes
debian-beowulf
debian-boot
debian-cd
debian-cd-vendors
debian-changes
debian-changes-digest
debian-isp
debian-kde
debian-laptop
debian-mirrors-announce
debian-news
debian-security
debian-security-announce
debian-testing
debian-user
debian-user-digest
Request more information about Pantek
  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_ia64.deb
    Size/MD5 checksum:   174126 4373c2adb44d9db16523f8c544039d9b
  
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_ia64.udeb
    Size/MD5 checksum:   590718 a6586872cb11870c70ed302cff27edea

m68k architecture (Motorola Mc680x0)

  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_m68k.deb
    Size/MD5 checksum:   129950 7ec7e58e4e40d17916b5551458302f73
  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_m68k.deb
    Size/MD5 checksum:    65646 a72b65b46670259235bde4f4c544e3e5
  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_m68k.deb
    Size/MD5 checksum:   242714 7f4281627d1a35a381324181225d1d30

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_mips.deb
    Size/MD5 checksum:   149674 c2112e05a05010002a00ac7aab88c24d
  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_mips.deb
    Size/MD5 checksum:   454004 fbfba9ffd81e5bf6e3cddbab79db7010
  
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_mips.udeb
    Size/MD5 checksum:   562188 df36a1b2bf7e3c139909536cb1cfacc6
  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_mips.deb
    Size/MD5 checksum:    71200 d85673c687eae7c73a3f3dde8a0e1d1c

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_mipsel.deb
    Size/MD5 checksum:    71128 11eb8733b74fb60b827e0ee20a665074
  
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_mipsel.udeb
    Size/MD5 checksum:   560164 09fba084cb3fbadcb3e8dfbe23d9ca00
  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_mipsel.deb
    Size/MD5 checksum:   454098 70cf0b01d6c7c8168b67ddca58ac460c
  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_mipsel.deb
    Size/MD5 checksum:   150286 225957bd9f3459d8c690a2fb8d5d5c63

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_powerpc.deb
    Size/MD5 checksum:   147524 fa550c13e958cb24c4fc6892721f1774
  
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_powerpc.udeb
    Size/MD5 checksum:   556382 6c1e157b9d8c50e710e161ff56128fc3
  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_powerpc.deb
    Size/MD5 checksum:   406432 240bb6ff7568a9c5431d6e25effd9027
  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_powerpc.deb
    Size/MD5 checksum:    66066 c79ecde89a4bca6098631ed3b037f3c0

Can't find what you're looking for?

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_s390.deb
    Size/MD5 checksum:   379214 58a06c548c099ecc78844285138a9ef4
  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_s390.deb
    Size/MD5 checksum:   145948 f1aa3a82a738a93d244b9efccce0f807
  
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_s390.udeb
    Size/MD5 checksum:   558122 ca862492d2073e62bd02e0e5035739ad
  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_s390.deb
    Size/MD5 checksum:    67214 bd5a4a0caa9633cce62dab9c46b92e68

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_sparc.deb
    Size/MD5 checksum:   138374 89cca3fc13c63f2e968868c16b2c8af5
  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_sparc.deb
    Size/MD5 checksum:   274552 ed37167f7e16d1b5e6aad05a865ed980
  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_sparc.deb
    Size/MD5 checksum:    65528 fee03f7fa096f9628f1da718ee73c068
  
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_sparc.udeb
    Size/MD5 checksum:    39778 ec743031e4434bf8fac954643bc82a75
Don't know where to look next? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related lists.debian.org Links
debian-announce
debian-apache
debian-arm-changes
debian-beowulf
debian-boot
debian-cd
debian-cd-vendors
debian-changes
debian-changes-digest
debian-isp
debian-kde
debian-laptop
debian-mirrors-announce
debian-news
debian-security
debian-security-announce
debian-testing
debian-user
debian-user-digest
Request more information about Pantek

Debian GNU/Linux 4.0 alias etch

- -------------------------------

Source archives:

  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1.dsc
    Size/MD5 checksum:      750 66546d031256054335cee8f1537d497d
  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1.diff.gz
    Size/MD5 checksum:   103759 258e5d0be4b6d58da2926840e91f80d8

Architecture independent packages:

http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.12r-19etch1_all.deb Size/MD5 checksum: 1086256 ba17a075cf0cb2f76c58f6ca0dabc469

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_alpha.udeb
    Size/MD5 checksum:   485430 5914165d8adb198d1c4f20923e77371b
  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_alpha.deb
    Size/MD5 checksum:    71118 80416006c0439b5b160308c4cab38cab
  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_alpha.deb
    Size/MD5 checksum:   412426 a512bdf2a6e4610368268a48616e2338
  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_alpha.deb
    Size/MD5 checksum:   174248 a387863a4533463ea8f76d9fbe28b57b
  
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_alpha.udeb
    Size/MD5 checksum:    69232 52c3d65dc03c4bb10da3aa8997b40af2

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_amd64.deb
    Size/MD5 checksum:   162824 d2b3d4d6d3ca0aec56e6560831a9de5a
  
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_amd64.deb
    Size/MD5 checksum:   397324 5f3758c3dfda838c877e6d471cb784ec
  
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_amd64.udeb
    Size/MD5 checksum:   485096 7d7eba8ac57dbbaac1ec8ab081e45497
  
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_amd64.deb
    Size/MD5 checksum:    69764 bc0c5d69fdf2165458c0e7abefdb5fbc
  
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_amd64.udeb
    Size/MD5 checksum:    64548 0eb480a8aee59e4c620ecb29f63f927c

Confused? Frustrated?