Advisories ยป MGASA-2016-0256

Updated util-linux packages fix security vulnerability

Publication date: 14 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-5011

Description

The util-linux libblkid is vulnerable to a Denial of Service attack during
MSDOS partition table parsing, in the extended partition boot record
(EBR). If the next EBR starts at relative offset 0, parse_dos_extended()
will loop until running out of memory. An attacker could install a
specially crafted MSDOS partition table in a storage device and trick a
user into using it. This library is used, among others, by systemd-udevd
daemon (CVE-2016-5011).
                

References

SRPMS

5/core