- ------------------------------------------------------------------------Debian Security Advisory DSA-1450-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
January 05, 2008                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : util-linux
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-5191
Debian Bug     : XXX


It was discovered that util-linux, Miscellaneous system utilities, didn't
drop privileged users and groups in the correct order in the mount and
umount commands.  This could potentially allow a local user to gain
additional privileges.

For the stable distribution (etch), this problem has been fixed in version
2.12r-19etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 2.12p-4sarge2.

We recommend that you upgrade your util-linux package.


Upgrade instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------Source archives:

      Size/MD5 checksum:      712 c16f823e59f4e6e844abb42a5d0d74c5
      Size/MD5 checksum:    74396 9e13a2463ef33b2bd1596072742f8da8
      Size/MD5 checksum:  2001658 d47e820f6880c21c8b4c0c7e8a7376cc

Architecture independent packages:

      Size/MD5 checksum:  1070176 a6404671c68d7f06a9da77b1dafc7a42

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   440162 5d79ed3df525038d07eee80e2872e625
      Size/MD5 checksum:   161046 c8f09ca56ba1d2e557ca8c730b02585e
      Size/MD5 checksum:    69054 6b36255a732ac7b3bddb4ed53d202e55
      Size/MD5 checksum:   563462 dd3b17badda1e17440a29cc29ff439a4

arm architecture (ARM)

      Size/MD5 checksum:   387470 3df157ef832ed95ac9f92ff94383a7f1
      Size/MD5 checksum:    65422 c57935c9e9d5e3d9c3bbdda78b0047b1
      Size/MD5 checksum:   548928 c29b3f44c372b9129138d89ab17178a7
      Size/MD5 checksum:   136594 6f762a670c52c716ef21b0fdca700447

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   423190 d15fcccebc85a5c173eb862eed237cab
      Size/MD5 checksum:   562828 4b3f69108bacc9f576125d55b450158d
      Size/MD5 checksum:   149524 a7f26a0b62035eb0f395db4a0fb05cf6
      Size/MD5 checksum:    68018 2966417cb1dbb3bd7321e78cf819953b

i386 architecture (Intel ia32)

      Size/MD5 checksum:   541402 f73c85cc3e687ce28163e1ec10aa25e6
      Size/MD5 checksum:    65834 198a771b904f201e49d04a0a401f02ea
      Size/MD5 checksum:   380538 c2cba4219351e9af5a90e772461d7015
      Size/MD5 checksum:   140038 41d4c24fcd78ef78253ffe7d0dceab22

ia64 architecture (Intel ia64)

      Size/MD5 checksum:   507372 f5cfadc062f43cada6e6647770df546c
      Size/MD5 checksum:    71636 3271e6449d3d26f3a12a3515b27bc1c6
      Size/MD5 checksum:   174126 4373c2adb44d9db16523f8c544039d9b
      Size/MD5 checksum:   590718 a6586872cb11870c70ed302cff27edea

m68k architecture (Motorola Mc680x0)

      Size/MD5 checksum:   129950 7ec7e58e4e40d17916b5551458302f73
      Size/MD5 checksum:    65646 a72b65b46670259235bde4f4c544e3e5
      Size/MD5 checksum:   242714 7f4281627d1a35a381324181225d1d30

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   149674 c2112e05a05010002a00ac7aab88c24d
      Size/MD5 checksum:   454004 fbfba9ffd81e5bf6e3cddbab79db7010
      Size/MD5 checksum:   562188 df36a1b2bf7e3c139909536cb1cfacc6
      Size/MD5 checksum:    71200 d85673c687eae7c73a3f3dde8a0e1d1c

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:    71128 11eb8733b74fb60b827e0ee20a665074
      Size/MD5 checksum:   560164 09fba084cb3fbadcb3e8dfbe23d9ca00
      Size/MD5 checksum:   454098 70cf0b01d6c7c8168b67ddca58ac460c
      Size/MD5 checksum:   150286 225957bd9f3459d8c690a2fb8d5d5c63

powerpc architecture (PowerPC)

      Size/MD5 checksum:   147524 fa550c13e958cb24c4fc6892721f1774
      Size/MD5 checksum:   556382 6c1e157b9d8c50e710e161ff56128fc3
      Size/MD5 checksum:   406432 240bb6ff7568a9c5431d6e25effd9027
      Size/MD5 checksum:    66066 c79ecde89a4bca6098631ed3b037f3c0

s390 architecture (IBM S/390)

      Size/MD5 checksum:   379214 58a06c548c099ecc78844285138a9ef4
      Size/MD5 checksum:   145948 f1aa3a82a738a93d244b9efccce0f807
      Size/MD5 checksum:   558122 ca862492d2073e62bd02e0e5035739ad
      Size/MD5 checksum:    67214 bd5a4a0caa9633cce62dab9c46b92e68

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   138374 89cca3fc13c63f2e968868c16b2c8af5
      Size/MD5 checksum:   274552 ed37167f7e16d1b5e6aad05a865ed980
      Size/MD5 checksum:    65528 fee03f7fa096f9628f1da718ee73c068
      Size/MD5 checksum:    39778 ec743031e4434bf8fac954643bc82a75


Debian GNU/Linux 4.0 alias etch
- -------------------------------Source archives:

      Size/MD5 checksum:      750 66546d031256054335cee8f1537d497d
      Size/MD5 checksum:   103759 258e5d0be4b6d58da2926840e91f80d8

Architecture independent packages:

      Size/MD5 checksum:  1086256 ba17a075cf0cb2f76c58f6ca0dabc469

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   485430 5914165d8adb198d1c4f20923e77371b
      Size/MD5 checksum:    71118 80416006c0439b5b160308c4cab38cab
      Size/MD5 checksum:   412426 a512bdf2a6e4610368268a48616e2338
      Size/MD5 checksum:   174248 a387863a4533463ea8f76d9fbe28b57b
      Size/MD5 checksum:    69232 52c3d65dc03c4bb10da3aa8997b40af2

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:   162824 d2b3d4d6d3ca0aec56e6560831a9de5a
      Size/MD5 checksum:   397324 5f3758c3dfda838c877e6d471cb784ec
      Size/MD5 checksum:   485096 7d7eba8ac57dbbaac1ec8ab081e45497
      Size/MD5 checksum:    69764 bc0c5d69fdf2165458c0e7abefdb5fbc
      Size/MD5 checksum:    64548 0eb480a8aee59e4c620ecb29f63f927c

arm architecture (ARM)

      Size/MD5 checksum:   486468 516ae37dc6deb7ced1abc66435da14fc
      Size/MD5 checksum:    64652 65150b48c91bf577e0517663b56ac2df
      Size/MD5 checksum:    68534 2224d1d73e981dfc975ad738cc734a61
      Size/MD5 checksum:   151328 2979a97bed34c836c88abe829802c577
      Size/MD5 checksum:   388904 6ec50e18fc8ac5cf410a8bc7ef1a4072

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   490476 ba319f3968b0fa50f531d5467d9efd92
      Size/MD5 checksum:   415696 4ff25eaa541c44da9bf1332fd456b778
      Size/MD5 checksum:    72070 f059cd88c0752b1d26868a37ffeb76f0
      Size/MD5 checksum:   161262 cd5af93db297ed73c29fb0e724342a1c
      Size/MD5 checksum:    70530 8c5b00fc105b08dd3300c407800fcee3

i386 architecture (Intel ia32)

      Size/MD5 checksum:   483796 42713a8d2bfe66be61c4368f9297282e
      Size/MD5 checksum:    58012 bf4c9b986448f79bde690f364675d45d
      Size/MD5 checksum:    68548 446b1ef1d65507eb4bb445b848669497
      Size/MD5 checksum:   375214 498d39c18c17337f908cdb64457080fb
      Size/MD5 checksum:   157272 c5b1383c8c6fe95fd5344c2e6a20a68f

ia64 architecture (Intel ia64)

      Size/MD5 checksum:   481248 df95ef8b6d5425231a4b5a8b83708b9a
      Size/MD5 checksum:    73840 e184768d10c05f735194fea49baf44d7
      Size/MD5 checksum:   494036 92f7e3535e7aac8ee7cff08e881daf3b
      Size/MD5 checksum:    88944 ba2be57ed59074b08f8dfd1ea54d28c5
      Size/MD5 checksum:   189582 588a03342bfe94ddcc6b0731fed7798d

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   409996 5f1081bd8d61668b018bc2bf566adbee
      Size/MD5 checksum:    70182 3e08af58bacd4b025cd0abc55bbcc469
      Size/MD5 checksum:   491132 6f717a8be2567569fc699200664c20ab
      Size/MD5 checksum:    70404 a575852e3946955cca1ef87089ed3629
      Size/MD5 checksum:   165076 3c1ce884e3de89f449886647cf04ae3f

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:   489198 9ad73f874cddbe202a7751a63a123b37
      Size/MD5 checksum:   409998 8a33bfd57fc03795ab715caeb08f3efd
      Size/MD5 checksum:    70354 0317bc2a2bd8234d8199e28bdbb3c50f
      Size/MD5 checksum:    70302 5de2df205891cc2bc289f3fc226880f4
      Size/MD5 checksum:   165162 83614488ec6324a29b84df3f26a3808a

powerpc architecture (PowerPC)

      Size/MD5 checksum:    64156 5a421d03d607dc2dc850420128f58442
      Size/MD5 checksum:   393330 b172821b4e84b39350cb31dfbd73e5f3
      Size/MD5 checksum:    68906 baf6c5742ea1cb223e890645c46131a0
      Size/MD5 checksum:   158180 c2be00ea526ce53cdb99b269467aa256
      Size/MD5 checksum:   488132 32df2a8c2e258347d30a6d277d73e0fd

s390 architecture (IBM S/390)

      Size/MD5 checksum:    70056 cef8b55e97ae2b4c555ed6e2994cac52
      Size/MD5 checksum:    69478 1f1e4d4270624073cefb18ec876e8331
      Size/MD5 checksum:   489936 5053c8f2b4df8d7e962226599f550575
      Size/MD5 checksum:   379524 30d04a68c9dece51e69475de1f6a394f
      Size/MD5 checksum:   159256 5ab3f1a015e0b05a91b4990cfa3b42ca

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   155194 d7ffcb68840e2c7fa979d8a3fed874fd
      Size/MD5 checksum:    37474 a66ff5f7a46ca31ec6e5aea486b3b4f6
      Size/MD5 checksum:   273878 1edee1ee7a544a06eac0f88c9005bb06
      Size/MD5 checksum:    68566 37bff20df09804ca7d6cfe2d08c9caf5


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New util-linux packages fix programming error

January 5, 2008
It was discovered that util-linux, Miscellaneous system utilities, didn't drop privileged users and groups in the correct order in the mount and umount commands

Summary

Severity

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved