Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
98
security advisoryred hatbug fixRed Hat: RHSA-2021:0779-01 Critical: Ansible Tower Escalation Risk
Red Hat Ansible Tower 3.7.5-1 - RHEL7 Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Ansible Tower 3.7.5-1 - Container security and bug fix update Advisory ID: RHSA-2021:0779-01 Product: Red Hat Ansible Tower Advisory URL: https://access.redhat.com/errata/RHSA-2021:0779 Issue date: 2021-03-09 CVE Names: CVE-2019-20372 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 CVE-2020-35678 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 CVE-2021-20228 CVE-2021-20253 ==================================================================== 1. Summary: Red Hat Ansible Tower 3.7.5-1 - RHEL7 Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Security Fix(es): * Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of autobahn to address CVE-2020-35678. * Upgraded to a more recent version of nginx to address CVE-2019-20372. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches. * Improved analytics collection to collect the playbook status for all hosts in a playbook run 3.Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://legacy-controller-docs.ansible.com/ansible-tower/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. References: https://access.redhat.com/security/cve/CVE-2019-20372 https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/cve/CVE-2020-35678 https://access.redhat.com/security/cve/CVE-2021-20178 https://access.redhat.com/security/cve/CVE-2021-20180 https://access.redhat.com/security/cve/CVE-2021-20191 https://access.redhat.com/security/cve/CVE-2021-20228 https://access.redhat.com/security/cve/CVE-2021-20253 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYEeZ8tzjgjWX9erEAQj0TA/9Fx0BBmEfw4RU2SpqT9XRlHx3azelKZjL V4jVeQVG5v19MqlH1MdIG+g5bcRQFf96py45ld3yZKShwLc+VcPdgvEZ9jZpbSnl ccl7Q83Gb22AvIQn8UyGzXJ1PQ2EwIzUM24N/OF+VeG11pUaDS90Snsn0BODAgdN I5J/0qn5VOaZhMIQKmwySi+E4oIfHvjRbcu67HB20/JPEizs9/enkcgQRFkr0s77 OoBbj82Q4L/ZmT01oVHdjuSk/tYJy8t1lx9MMgmLE/7hZ6Jei0ut0C/Wl9Oj92jX HaZ1Kpjdq77KEnIJM4YZwW/ib7XxM5GQbqpHeBYMCKbw+1qJli2q8ucQWLNnT6ZR 0U7tBFxRGFYj6hnwGbk+6gart7OD7JZorMTfLQaMhdin3AGsFG46IPyYSugTlQgB ZQkl4my4t3MYuk7/al+s2zrDejx/K1X+mBu8Kjx4sOxV9tsKH/hEh7lbr0s2c2eJ rCkSIQlEKOyc3mUyG4xE8WtFTM+w1BshtuTJjgWxpkRksuaUYixxQDbyDo23//Jq IimdvGuh9cZ4yJFGHyehbW0MbF64yJMmerZpMZhnK2xgZ6idwmeIeAjTd6gcVx7N JbIXgBGeOsCUqokZr0cp4yKY2mhw1J+Qhb9VWC8Rei3UnWNz37gtwCIm88hUmgMj C5QiPiaBTJE=xpAP -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 09, 2021
•Important
Red Hat
98
security advisoryRed Hatimportant updateRed Hat: RHSA-2017-2918-01 Important: Kernel-rt Elevation Risk Advisory
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2017:2918-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://access.redhat.com/errata/RHSA-2017:2918 Issue date: 2017-10-19 CVE Names: CVE-2017-1000111 CVE-2017-1000112 CVE-2017-11176 CVE-2017-14106 CVE-2017-14340 CVE-2017-7184 CVE-2017-7541 CVE-2017-7542 CVE-2017-7558 ==================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. (CVE-2017-7184, Important) * A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handlingsynchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2017-1000111, Important) * An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important) * Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate) * An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate) * A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. (CVE-2017-7558, Moderate) * The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be usedafter being freed (use-after-free) which may lead to memory corruption or other unspecified other impact. (CVE-2017-11176, Moderate) * A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate) * A flaw was found where the XFS filesystem code mishandles a user-settable inode flag in the Linux kernel prior to 4.14-rc1. This can cause a local denial of service via a kernel panic. (CVE-2017-14340, Moderate) Red Hat would like to thank Chaitin Security Research Lab for reporting CVE-2017-7184; Willem de Bruijn for reporting CVE-2017-1000111; and Andrey Konovalov for reporting CVE-2017-1000112. The CVE-2017-7558 issue was discovered by Stefano Brivio (Red Hat) and the CVE-2017-14340 issue was discovered by Dave Chinner (Red Hat). Bug Fix(es): * kernel-rt packages have been upgraded to the 3.10.0-693.5.2 source tree, which provides number of bug fixes over the previous version. (BZ#1489085) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1435153 - CVE-2017-7184 kernel: Out-of-bounds heap access in xfrm 1470659 - CVE-2017-11176 kernel: Use-after-free in sys_mq_notify() 1473198 - CVE-2017-7541 kernel: Possible heap buffer overflow in brcmf_cfg80211_mgmt_tx() 1473649 - CVE-2017-7542 kernel: Integer overflow in ip6_find_1stfragopt() causes infinite loop 1479304 - CVE-2017-1000111 kernel: Heap out-of-bounds in AF_PACKET sockets 1479307 - CVE-2017-1000112 kernel: Exploitable memory corruption due to UFO to non-UFO path switch 1480266 - CVE-2017-7558 kernel: Out of bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() in SCTP stack 1487295 - CVE-2017-14106 kernel: Divide-by-zero in __tcp_select_window 1489085 - update the MRG 2.5.z 3.10 kernel-rtsources 1491344 - CVE-2017-14340 kernel: xfs: unprivileged user kernel oops 6. Package List: MRG Realtime for RHEL 6 Server v.2: Source: kernel-rt-3.10.0-693.5.2.rt56.592.el6rt.src.rpm noarch: kernel-rt-doc-3.10.0-693.5.2.rt56.592.el6rt.noarch.rpm kernel-rt-firmware-3.10.0-693.5.2.rt56.592.el6rt.noarch.rpm x86_64: kernel-rt-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm kernel-rt-debug-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm kernel-rt-debug-devel-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm kernel-rt-debuginfo-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm kernel-rt-devel-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm kernel-rt-trace-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm kernel-rt-trace-devel-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm kernel-rt-vanilla-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.10.0-693.5.2.rt56.592.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-1000111 https://access.redhat.com/security/cve/CVE-2017-1000112 https://access.redhat.com/security/cve/CVE-2017-11176 https://access.redhat.com/security/cve/CVE-2017-14106 https://access.redhat.com/security/cve/CVE-2017-14340 https://access.redhat.com/security/cve/CVE-2017-7184 https://access.redhat.com/security/cve/CVE-2017-7541 https://access.redhat.com/security/cve/CVE-2017-7542 https://access.redhat.com/security/cve/CVE-2017-7558 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGPSIGNATURE----- Version: GnuPG v1 iD8DBQFZ6KeeXlSAg2UNWIIRAs+6AJ4vp6yS5vYmoNllGXBwplHVtfcgpwCgxLPY BX0TvrYMD0+7rGO20PButvc=gOju -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 19, 2017
•Important
Red Hat
98
security advisorymoderateRed HatRed Hat: RHSA-2009:0373-01 Moderate Elevation Risk in SystemTap
Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: systemtap security update Advisory ID: RHSA-2009:0373-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:0373.html Issue date: 2009-03-26 CVE Names: CVE-2009-0784 ==================================================================== 1. Summary: Updated systemtap packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SystemTap is an instrumentation infrastructure for systems running version 2.6 of the Linux kernel. SystemTap scripts can collect system operations data, greatly simplifying information gathering. Collected data can then assist in performance measuring, functional testing, and performance and function problem diagnosis. A race condition was discovered in SystemTap that could allow users in the stapusr group to elevate privileges to that of members of the stapdev group (and hence root), bypassing directory confinement restrictions and allowing them to insert arbitrary SystemTap kernel modules. (CVE-2009-0784) Note: This issue was only exploitable if another SystemTap kernelmodule was placed in the "systemtap/" module directory for the currently running kernel. Red Hat would like to thank Erik Sjölund for reporting this issue. SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 489808 - CVE-2009-0784 systemtap: race condition leads to privilege escalation 6. Package List: Red Hat Enterprise Linux AS version 4: Source: i386: systemtap-0.6.2-2.el4_7.i386.rpm systemtap-debuginfo-0.6.2-2.el4_7.i386.rpm systemtap-runtime-0.6.2-2.el4_7.i386.rpm systemtap-testsuite-0.6.2-2.el4_7.i386.rpm ia64: systemtap-0.6.2-2.el4_7.ia64.rpm systemtap-debuginfo-0.6.2-2.el4_7.ia64.rpm systemtap-runtime-0.6.2-2.el4_7.ia64.rpm systemtap-testsuite-0.6.2-2.el4_7.ia64.rpm ppc: systemtap-0.6.2-2.el4_7.ppc64.rpm systemtap-debuginfo-0.6.2-2.el4_7.ppc64.rpm systemtap-runtime-0.6.2-2.el4_7.ppc64.rpm systemtap-testsuite-0.6.2-2.el4_7.ppc64.rpm x86_64: systemtap-0.6.2-2.el4_7.x86_64.rpm systemtap-debuginfo-0.6.2-2.el4_7.x86_64.rpm systemtap-runtime-0.6.2-2.el4_7.x86_64.rpm systemtap-testsuite-0.6.2-2.el4_7.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: systemtap-0.6.2-2.el4_7.i386.rpm systemtap-debuginfo-0.6.2-2.el4_7.i386.rpm systemtap-runtime-0.6.2-2.el4_7.i386.rpm systemtap-testsuite-0.6.2-2.el4_7.i386.rpm x86_64: systemtap-0.6.2-2.el4_7.x86_64.rpm systemtap-debuginfo-0.6.2-2.el4_7.x86_64.rpm systemtap-runtime-0.6.2-2.el4_7.x86_64.rpm systemtap-testsuite-0.6.2-2.el4_7.x86_64.rpm Red Hat Enterprise Linux ES version4: Source: i386: systemtap-0.6.2-2.el4_7.i386.rpm systemtap-debuginfo-0.6.2-2.el4_7.i386.rpm systemtap-runtime-0.6.2-2.el4_7.i386.rpm systemtap-testsuite-0.6.2-2.el4_7.i386.rpm ia64: systemtap-0.6.2-2.el4_7.ia64.rpm systemtap-debuginfo-0.6.2-2.el4_7.ia64.rpm systemtap-runtime-0.6.2-2.el4_7.ia64.rpm systemtap-testsuite-0.6.2-2.el4_7.ia64.rpm x86_64: systemtap-0.6.2-2.el4_7.x86_64.rpm systemtap-debuginfo-0.6.2-2.el4_7.x86_64.rpm systemtap-runtime-0.6.2-2.el4_7.x86_64.rpm systemtap-testsuite-0.6.2-2.el4_7.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: systemtap-0.6.2-2.el4_7.i386.rpm systemtap-debuginfo-0.6.2-2.el4_7.i386.rpm systemtap-runtime-0.6.2-2.el4_7.i386.rpm systemtap-testsuite-0.6.2-2.el4_7.i386.rpm ia64: systemtap-0.6.2-2.el4_7.ia64.rpm systemtap-debuginfo-0.6.2-2.el4_7.ia64.rpm systemtap-runtime-0.6.2-2.el4_7.ia64.rpm systemtap-testsuite-0.6.2-2.el4_7.ia64.rpm x86_64: systemtap-0.6.2-2.el4_7.x86_64.rpm systemtap-debuginfo-0.6.2-2.el4_7.x86_64.rpm systemtap-runtime-0.6.2-2.el4_7.x86_64.rpm systemtap-testsuite-0.6.2-2.el4_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: systemtap-0.7.2-3.el5_3.i386.rpm systemtap-client-0.7.2-3.el5_3.i386.rpm systemtap-debuginfo-0.7.2-3.el5_3.i386.rpm systemtap-runtime-0.7.2-3.el5_3.i386.rpm systemtap-server-0.7.2-3.el5_3.i386.rpm systemtap-testsuite-0.7.2-3.el5_3.i386.rpm x86_64: systemtap-0.7.2-3.el5_3.x86_64.rpm systemtap-client-0.7.2-3.el5_3.x86_64.rpm systemtap-debuginfo-0.7.2-3.el5_3.x86_64.rpm systemtap-runtime-0.7.2-3.el5_3.x86_64.rpm systemtap-server-0.7.2-3.el5_3.x86_64.rpm systemtap-testsuite-0.7.2-3.el5_3.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: systemtap-0.7.2-3.el5_3.i386.rpm systemtap-client-0.7.2-3.el5_3.i386.rpm systemtap-debuginfo-0.7.2-3.el5_3.i386.rpm systemtap-runtime-0.7.2-3.el5_3.i386.rpm systemtap-server-0.7.2-3.el5_3.i386.rpm systemtap-testsuite-0.7.2-3.el5_3.i386.rpm ia64: systemtap-0.7.2-3.el5_3.ia64.rpm systemtap-client-0.7.2-3.el5_3.ia64.rpm systemtap-debuginfo-0.7.2-3.el5_3.ia64.rpm systemtap-runtime-0.7.2-3.el5_3.ia64.rpm systemtap-server-0.7.2-3.el5_3.ia64.rpm systemtap-testsuite-0.7.2-3.el5_3.ia64.rpm ppc: systemtap-0.7.2-3.el5_3.ppc64.rpm systemtap-client-0.7.2-3.el5_3.ppc64.rpm systemtap-debuginfo-0.7.2-3.el5_3.ppc64.rpm systemtap-runtime-0.7.2-3.el5_3.ppc64.rpm systemtap-server-0.7.2-3.el5_3.ppc64.rpm systemtap-testsuite-0.7.2-3.el5_3.ppc64.rpm s390x: systemtap-0.7.2-3.el5_3.s390x.rpm systemtap-client-0.7.2-3.el5_3.s390x.rpm systemtap-debuginfo-0.7.2-3.el5_3.s390x.rpm systemtap-runtime-0.7.2-3.el5_3.s390x.rpm systemtap-server-0.7.2-3.el5_3.s390x.rpm systemtap-testsuite-0.7.2-3.el5_3.s390x.rpm x86_64: systemtap-0.7.2-3.el5_3.x86_64.rpm systemtap-client-0.7.2-3.el5_3.x86_64.rpm systemtap-debuginfo-0.7.2-3.el5_3.x86_64.rpm systemtap-runtime-0.7.2-3.el5_3.x86_64.rpm systemtap-server-0.7.2-3.el5_3.x86_64.rpm systemtap-testsuite-0.7.2-3.el5_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2009-0784 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2009 Red Hat, Inc. . Revised SystemTap bundles mitigate a moderate risk for users of Red Hat Enterprise Linux versions 4 and 5.. SystemTap Update, Red Hat Security, Privilege Elevation, Kernel Security. . LinuxSecurity.com Team
Mar 26, 2009
Red Hat
98
security advisorysecurity issueRed Hat Enterprise LinuxRed Hat: RHSA-2005:782-01 Moderate: Elevation Risk in Util-linux
Updated util-linux and mount packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: util-linux and mount security update Advisory ID: RHSA-2005:782-01 Advisory URL: https://access.redhat.com/errata/RHSA-2005:782.html Issue date: 2005-10-11 Updated on: 2005-10-11 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-2876 CAN-2001-1494 - ---------------------------------------------------------------------1. Summary: Updated util-linux and mount packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The mount package contains the mount, umount, swapon and swapoff programs. A bug was found in the way the umount command is executed by normal users. It may be possible for a user to gain elevated privilegesif the user is able to execute the "umount -r" command on a mounted file system. The file system will be re-mounted only with the "readonly" flag set, clearing flags such as "nosuid" and "noexec". The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2876 to this issue. This update also fixes a hardlink bug in the script command for Red Hat Enterprise Linux 2.1. If a local user places a hardlinked file named "typescript" in a directory they have write access to, the file will be overwritten if the user running script has write permissions to the destination file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-1494 to this issue. All users of util-linux and mount should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 161337 - CAN-2001-1494 hardlink vulnerability in 'script' command 168206 - CAN-2005-2876 umount unsafe -r usage 168209 - CAN-2005-2876 umount unsafe -r usage 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: d3282353910c50c68ebfb44cacb6c30f mount-2.11g-9.src.rpm 8a7547d3dd15711353a976fd47e04176 util-linux-2.11f-20.8.src.rpm i386: 7e1c7b7c2c2fa29085e7e6897e88078d losetup-2.11g-9.i386.rpm ffaa56d9acad22b210f2f4ea509b5ec1 mount-2.11g-9.i386.rpm 3e64e8635bd18d364511ad564dab373f util-linux-2.11f-20.8.i386.rpm ia64: 6f83321e29bfe52139ae9255dead0f9c losetup-2.11g-9.ia64.rpm 8ce58c073113458c7a35df7912ea3746 mount-2.11g-9.ia64.rpm ea0ede106e89ece2883f5dfa545c1429 util-linux-2.11f-20.8.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: d3282353910c50c68ebfb44cacb6c30f mount-2.11g-9.src.rpm 8a7547d3dd15711353a976fd47e04176 util-linux-2.11f-20.8.src.rpm ia64: 6f83321e29bfe52139ae9255dead0f9c losetup-2.11g-9.ia64.rpm 8ce58c073113458c7a35df7912ea3746 mount-2.11g-9.ia64.rpm ea0ede106e89ece2883f5dfa545c1429 util-linux-2.11f-20.8.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: d3282353910c50c68ebfb44cacb6c30f mount-2.11g-9.src.rpm 8a7547d3dd15711353a976fd47e04176 util-linux-2.11f-20.8.src.rpm i386: 7e1c7b7c2c2fa29085e7e6897e88078d losetup-2.11g-9.i386.rpm ffaa56d9acad22b210f2f4ea509b5ec1 mount-2.11g-9.i386.rpm 3e64e8635bd18d364511ad564dab373f util-linux-2.11f-20.8.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: d3282353910c50c68ebfb44cacb6c30f mount-2.11g-9.src.rpm 8a7547d3dd15711353a976fd47e04176 util-linux-2.11f-20.8.src.rpm i386: 7e1c7b7c2c2fa29085e7e6897e88078d losetup-2.11g-9.i386.rpm ffaa56d9acad22b210f2f4ea509b5ec1 mount-2.11g-9.i386.rpm 3e64e8635bd18d364511ad564dab373f util-linux-2.11f-20.8.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: 7a562d571237203634c8009d2c506921 util-linux-2.11y-31.11.src.rpm i386: b89a7d466e3cead507c00776aae3b437 losetup-2.11y-31.11.i386.rpm df678149ef9fe3c088f7ca6af1697337 mount-2.11y-31.11.i386.rpm e5fa25f4caa04749eb39430e45ab7bd3 util-linux-2.11y-31.11.i386.rpm ia64: ebbb6f700b72357c03220f32a1e8a164 losetup-2.11y-31.11.ia64.rpm 67526f76a9e66c74faad8ce7ce290a9d mount-2.11y-31.11.ia64.rpm 00657fbd14ab30ddec29724783288fb1 util-linux-2.11y-31.11.ia64.rpm ppc: b4fb144ebf8ba11e59fbac9de6bd2b95 losetup-2.11y-31.11.ppc.rpm 2638872b02dd777c17bc30e2f6489f04 mount-2.11y-31.11.ppc.rpm 70a8b932588c3c36232b9e447c4bb9c3 util-linux-2.11y-31.11.ppc.rpm s390: e4f001ff1d9fd90e0c582031fa3b0216 losetup-2.11y-31.11.s390.rpm a6a1ca2a10b378fb25d4a862ef3cb645 mount-2.11y-31.11.s390.rpm 068f5f2c4f13dd5b45af98a9ea3c9da5 util-linux-2.11y-31.11.s390.rpm s390x: 303c1e4eb9a401bb562e95f112cb86ad losetup-2.11y-31.11.s390x.rpm 5ad992ec8f902bced723a7b06c5febb2 mount-2.11y-31.11.s390x.rpm b0d09f13c674c79fb04a389765517473 util-linux-2.11y-31.11.s390x.rpm x86_64: d7a946efdfbf418dad33828622c9f550 losetup-2.11y-31.11.x86_64.rpm b90e15d4e39913757550b9362a98bfb2 mount-2.11y-31.11.x86_64.rpm 6f2df633740943a84fa5f06d3ff41f54 util-linux-2.11y-31.11.x86_64.rpm Red Hat Desktop version 3: SRPMS: 7a562d571237203634c8009d2c506921 util-linux-2.11y-31.11.src.rpm i386: b89a7d466e3cead507c00776aae3b437 losetup-2.11y-31.11.i386.rpm df678149ef9fe3c088f7ca6af1697337 mount-2.11y-31.11.i386.rpm e5fa25f4caa04749eb39430e45ab7bd3 util-linux-2.11y-31.11.i386.rpm x86_64: d7a946efdfbf418dad33828622c9f550 losetup-2.11y-31.11.x86_64.rpm b90e15d4e39913757550b9362a98bfb2 mount-2.11y-31.11.x86_64.rpm 6f2df633740943a84fa5f06d3ff41f54 util-linux-2.11y-31.11.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: 7a562d571237203634c8009d2c506921 util-linux-2.11y-31.11.src.rpm i386: b89a7d466e3cead507c00776aae3b437 losetup-2.11y-31.11.i386.rpm df678149ef9fe3c088f7ca6af1697337 mount-2.11y-31.11.i386.rpm e5fa25f4caa04749eb39430e45ab7bd3 util-linux-2.11y-31.11.i386.rpm ia64: ebbb6f700b72357c03220f32a1e8a164 losetup-2.11y-31.11.ia64.rpm 67526f76a9e66c74faad8ce7ce290a9d mount-2.11y-31.11.ia64.rpm 00657fbd14ab30ddec29724783288fb1 util-linux-2.11y-31.11.ia64.rpm x86_64: d7a946efdfbf418dad33828622c9f550 losetup-2.11y-31.11.x86_64.rpm b90e15d4e39913757550b9362a98bfb2 mount-2.11y-31.11.x86_64.rpm 6f2df633740943a84fa5f06d3ff41f54 util-linux-2.11y-31.11.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: 7a562d571237203634c8009d2c506921 util-linux-2.11y-31.11.src.rpm i386: b89a7d466e3cead507c00776aae3b437 losetup-2.11y-31.11.i386.rpm df678149ef9fe3c088f7ca6af1697337 mount-2.11y-31.11.i386.rpm e5fa25f4caa04749eb39430e45ab7bd3 util-linux-2.11y-31.11.i386.rpm ia64: ebbb6f700b72357c03220f32a1e8a164 losetup-2.11y-31.11.ia64.rpm 67526f76a9e66c74faad8ce7ce290a9d mount-2.11y-31.11.ia64.rpm 00657fbd14ab30ddec29724783288fb1 util-linux-2.11y-31.11.ia64.rpm x86_64: d7a946efdfbf418dad33828622c9f550 losetup-2.11y-31.11.x86_64.rpm b90e15d4e39913757550b9362a98bfb2 mount-2.11y-31.11.x86_64.rpm 6f2df633740943a84fa5f06d3ff41f54 util-linux-2.11y-31.11.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: fbbc6f06d4675b42e2bd0ba1bd1d6c57 util-linux-2.12a-16.EL4.12.src.rpm i386: beb2444974794726ad73218c92ca2336 util-linux-2.12a-16.EL4.12.i386.rpm ia64: 811dcc7c533e68518555267c9c793b6e util-linux-2.12a-16.EL4.12.ia64.rpm ppc: deedcd5da6fcedff331a3e71b09b74c6 util-linux-2.12a-16.EL4.12.ppc.rpm s390: 390077578fdd458b402328d53ab574b8 util-linux-2.12a-16.EL4.12.s390.rpm s390x: c3324d5388df1577789df5b486ec810b util-linux-2.12a-16.EL4.12.s390x.rpm x86_64: f8f59f58506acb3ba4c3ce9b5a8cebc0 util-linux-2.12a-16.EL4.12.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: fbbc6f06d4675b42e2bd0ba1bd1d6c57 util-linux-2.12a-16.EL4.12.src.rpm i386: beb2444974794726ad73218c92ca2336 util-linux-2.12a-16.EL4.12.i386.rpm x86_64: f8f59f58506acb3ba4c3ce9b5a8cebc0 util-linux-2.12a-16.EL4.12.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: fbbc6f06d4675b42e2bd0ba1bd1d6c57 util-linux-2.12a-16.EL4.12.src.rpm i386: beb2444974794726ad73218c92ca2336 util-linux-2.12a-16.EL4.12.i386.rpm ia64: 811dcc7c533e68518555267c9c793b6e util-linux-2.12a-16.EL4.12.ia64.rpm x86_64: f8f59f58506acb3ba4c3ce9b5a8cebc0 util-linux-2.12a-16.EL4.12.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: fbbc6f06d4675b42e2bd0ba1bd1d6c57 util-linux-2.12a-16.EL4.12.src.rpm i386: beb2444974794726ad73218c92ca2336 util-linux-2.12a-16.EL4.12.i386.rpm ia64: 811dcc7c533e68518555267c9c793b6e util-linux-2.12a-16.EL4.12.ia64.rpm x86_64: f8f59f58506acb3ba4c3ce9b5a8cebc0 util-linux-2.12a-16.EL4.12.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CAN-2005-2876 https://www.cve.org/CVERecord?id=CAN-2001-1494 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2005 Red Hat, Inc. . SUSE enhances coreutils and rpm packages, resolving two vulnerabilities of moderate severity that influence multiple systems.. Util-linux Update, Mount Security Patch, Red Hat Vulnerability. . LinuxSecurity.com Team
Oct 11, 2005
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!