Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

SUSE: 2017:0553-1 Critical: Local Privilege Escalation and DoS Issues

suse
Calendar Grey February 23, 2017
Dist Suse Esm H88
SUSE has released a patch tackling two vulnerabilities in util-linux, resolving problems related to local privilege escalation and denial of service.
An update that solves two vulnerabilities and has 11 fixes An update that solves two vulnerabilities and has 11 fixes An update that solves two vulnerabilities and has 11 fixes is ...

Summary

This update for util-linux fixes a number of bugs and two security issues. The following security bugs were fixed: - CVE-2016-5011: Infinite loop DoS in libblkid while parsing DOS partition (bsc#988361) - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041). The following non-security bugs were fixed: - bsc#1008965: Ensure that the option "users,exec,dev,suid" work as expected on NFS mounts - bsc#1012504: Fix regressions in safe loop re-use patch set for libmount - bsc#1012632: Disable ro checks for mtab - bsc#1020077: fstrim: De-duplicate btrfs sub-volumes for "fstrim -a" and bind mounts - bsc#947494: mount -a would fail to recognize btrfs already mounted, address loop re-use in libmount

References

#1008965 #1012504 #1012632 #1019332 #1020077

#1023041 #947494 #966891 #978993 #982331

#983164 #987176 #988361

Cross- CVE-2016-5011 CVE-2017-2616

Affected Products:

SUSE Linux Enterprise Server for SAP 12

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2016-5011.html

https://www.suse.com/security/cve/CVE-2017-2616.html

https://bugzilla.suse.com/1008965

https://bugzilla.suse.com/1012504

https://bugzilla.suse.com/1012632

https://bugzilla.suse.com/1019332

https://bugzilla.suse.com/1020077

https://bugzilla.suse.com/1023041

https://bugzilla.suse.com/947494

https://bugzilla.suse.com/966891

https://bugzilla.suse.com/978993

https://bugzilla.suse.com/982331

https://bugzilla.suse.com/983164

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:0553-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.