Advisories » MGASA-2016-0256

Updated util-linux packages fix security vulnerability

Publication date: 14 Jul 2016
Modification date: 14 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-5011

Description

The util-linux libblkid is vulnerable to a Denial of Service attack during
MSDOS partition table parsing, in the extended partition boot record
(EBR). If the next EBR starts at relative offset 0, parse_dos_extended()
will loop until running out of memory. An attacker could install a
specially crafted MSDOS partition table in a storage device and trick a
user into using it. This library is used, among others, by systemd-udevd
daemon (CVE-2016-5011).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18922
• http://openwall.com/lists/oss-security/2016/07/11/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011

SRPMS

5/core

• util-linux-2.25.2-3.4.mga5