- Issued:
- 2007-05-01
- Updated:
- 2007-05-01
RHSA-2007:0235 - Security Advisory
Synopsis
Low: util-linux security and bug fix update
Type/Severity
Security Advisory: Low
Topic
An updated util-linux package that corrects a security issue and fixes
several bugs is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Description
The util-linux package contains a collection of basic system utilities.
A flaw was found in the way the login process handled logins which did not
require authentication. Certain processes which conduct their own
authentication could allow a remote user to bypass intended access policies
which would normally be enforced by the login process. (CVE-2006-7108)
This update also fixes the following bugs:
- The partx, addpart and delpart commands were not documented.
- The "umount -l" command did not work on hung NFS mounts with cached data.
- The mount command did not mount NFS V3 share where sec=none was specified.
- The mount command did not read filesystem LABEL from unpartitioned disks.
- The mount command did not recognize labels on VFAT filesystems.
- The fdisk command did not support 4096 sector size for the "-b" option.
- The mount man page did not list option "mand" or information about
/etc/mtab limitations.
All users of util-linux should upgrade to these updated packages, which
contain backported patches to correct these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 169299 - umount -l should work on hung NFS mounts with cached data
- BZ - 177331 - CVE-2006-7108 login omits pam_acct_mgmt & pam_chauthtok when authentication is skipped.
- BZ - 187370 - Unable to mount NFS V3 share where sec=none is specified
- BZ - 188099 - can't mount iscsi ext3 fs by label.
- BZ - 197768 - man mount' does not list option 'mand'
CVEs
References
Red Hat Enterprise Linux Server 4
| SRPM | |
|---|---|
| util-linux-2.12a-16.EL4.25.src.rpm | SHA-256: 7f4f7f3aa090b9c0af5db193ea91e7965c2c3c82db1f448e335c9c0dd2233721 |
| x86_64 | |
| util-linux-2.12a-16.EL4.25.x86_64.rpm | SHA-256: 117b4bc970659b060773665b8577f91450ee2172225eef3353a1f3c457be329e |
| util-linux-2.12a-16.EL4.25.x86_64.rpm | SHA-256: 117b4bc970659b060773665b8577f91450ee2172225eef3353a1f3c457be329e |
| ia64 | |
| util-linux-2.12a-16.EL4.25.ia64.rpm | SHA-256: 69f2511c11ef91a4acc1458c9b36121c1e18a27fa8b9287e56e400c872be762e |
| util-linux-2.12a-16.EL4.25.ia64.rpm | SHA-256: 69f2511c11ef91a4acc1458c9b36121c1e18a27fa8b9287e56e400c872be762e |
| i386 | |
| util-linux-2.12a-16.EL4.25.i386.rpm | SHA-256: ddf29856b2571e21503a8ae9403fdbd6b8855c9a8cb101c9bdc41bcd5dc42eb6 |
| util-linux-2.12a-16.EL4.25.i386.rpm | SHA-256: ddf29856b2571e21503a8ae9403fdbd6b8855c9a8cb101c9bdc41bcd5dc42eb6 |
Red Hat Enterprise Linux Workstation 4
| SRPM | |
|---|---|
| util-linux-2.12a-16.EL4.25.src.rpm | SHA-256: 7f4f7f3aa090b9c0af5db193ea91e7965c2c3c82db1f448e335c9c0dd2233721 |
| x86_64 | |
| util-linux-2.12a-16.EL4.25.x86_64.rpm | SHA-256: 117b4bc970659b060773665b8577f91450ee2172225eef3353a1f3c457be329e |
| ia64 | |
| util-linux-2.12a-16.EL4.25.ia64.rpm | SHA-256: 69f2511c11ef91a4acc1458c9b36121c1e18a27fa8b9287e56e400c872be762e |
| i386 | |
| util-linux-2.12a-16.EL4.25.i386.rpm | SHA-256: ddf29856b2571e21503a8ae9403fdbd6b8855c9a8cb101c9bdc41bcd5dc42eb6 |
Red Hat Enterprise Linux Desktop 4
| SRPM | |
|---|---|
| util-linux-2.12a-16.EL4.25.src.rpm | SHA-256: 7f4f7f3aa090b9c0af5db193ea91e7965c2c3c82db1f448e335c9c0dd2233721 |
| x86_64 | |
| util-linux-2.12a-16.EL4.25.x86_64.rpm | SHA-256: 117b4bc970659b060773665b8577f91450ee2172225eef3353a1f3c457be329e |
| i386 | |
| util-linux-2.12a-16.EL4.25.i386.rpm | SHA-256: ddf29856b2571e21503a8ae9403fdbd6b8855c9a8cb101c9bdc41bcd5dc42eb6 |
Red Hat Enterprise Linux for IBM z Systems 4
| SRPM | |
|---|---|
| util-linux-2.12a-16.EL4.25.src.rpm | SHA-256: 7f4f7f3aa090b9c0af5db193ea91e7965c2c3c82db1f448e335c9c0dd2233721 |
| s390x | |
| util-linux-2.12a-16.EL4.25.s390x.rpm | SHA-256: 6bc2d0bd6e5832935a7abe73aab0ae77551be186d2b5e97d1150055eeee730e7 |
| s390 | |
| util-linux-2.12a-16.EL4.25.s390.rpm | SHA-256: b43c1db0acf88654e12d50ece2e74cbf7d53e29716c4de3ef5d4579811c93000 |
Red Hat Enterprise Linux for Power, big endian 4
| SRPM | |
|---|---|
| util-linux-2.12a-16.EL4.25.src.rpm | SHA-256: 7f4f7f3aa090b9c0af5db193ea91e7965c2c3c82db1f448e335c9c0dd2233721 |
| ppc | |
| util-linux-2.12a-16.EL4.25.ppc.rpm | SHA-256: 9383744a7cd630a56fb7866b8aee60ccd9c2dcb30c3933dac52b902784b3efb2 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.