Updated util-linux packages fix security vulnerability
Publication date: 14 Jul 2016Modification date: 14 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-5011
Description
The util-linux libblkid is vulnerable to a Denial of Service attack during MSDOS partition table parsing, in the extended partition boot record (EBR). If the next EBR starts at relative offset 0, parse_dos_extended() will loop until running out of memory. An attacker could install a specially crafted MSDOS partition table in a storage device and trick a user into using it. This library is used, among others, by systemd-udevd daemon (CVE-2016-5011).
References
SRPMS
5/core
- util-linux-2.25.2-3.4.mga5