RHSA-2007:0235 - Security Advisory
Low: util-linux security and bug fix update
Security Advisory: Low
An updated util-linux package that corrects a security issue and fixes
several bugs is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
The util-linux package contains a collection of basic system utilities.
A flaw was found in the way the login process handled logins which did not
require authentication. Certain processes which conduct their own
authentication could allow a remote user to bypass intended access policies
which would normally be enforced by the login process. (CVE-2006-7108)
This update also fixes the following bugs:
- The partx, addpart and delpart commands were not documented.
- The "umount -l" command did not work on hung NFS mounts with cached data.
- The mount command did not mount NFS V3 share where sec=none was specified.
- The mount command did not read filesystem LABEL from unpartitioned disks.
- The mount command did not recognize labels on VFAT filesystems.
- The fdisk command did not support 4096 sector size for the "-b" option.
- The mount man page did not list option "mand" or information about
All users of util-linux should upgrade to these updated packages, which
contain backported patches to correct these issues.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
- BZ - 169299 - umount -l should work on hung NFS mounts with cached data
- BZ - 177331 - CVE-2006-7108 login omits pam_acct_mgmt & pam_chauthtok when authentication is skipped.
- BZ - 187370 - Unable to mount NFS V3 share where sec=none is specified
- BZ - 188099 - can't mount iscsi ext3 fs by label.
- BZ - 197768 - man mount' does not list option 'mand'
Red Hat Enterprise Linux for Power, big endian 4