Synopsis

Low: util-linux security, bug fix, and enhancement update

Type/Severity

Security Advisory: Low

Topic

An updated util-linux package that fixes multiple security issues, various
bugs, and adds two enhancements is now available for Red Hat
Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among others,
util-linux contains the fdisk configuration tool and the login program.

Multiple flaws were found in the way the mount and umount commands
performed mtab (mounted file systems table) file updates. A local,
unprivileged user allowed to mount or unmount file systems could use these
flaws to corrupt the mtab file and create a stale lock file, preventing
other users from mounting and unmounting file systems. (CVE-2011-1675,
CVE-2011-1677)

This update also fixes the following bugs:

• When the user logged into a telnet server, the login utility did not
  update the utmp database properly if the utility was executed from the
  telnetd daemon. This was due to telnetd not creating an appropriate entry
  in a utmp file before executing login. With this update, correct entries
  are created and the database is updated properly. (BZ#646300)
  
• Various options were not described on the blockdev(8) manual page. With
  this update, the blockdev(8) manual page includes all the relevant options.
  (BZ#650937)
  
• Prior to this update, the build process of the util-linux package failed
  in the po directory with the following error message: "@MKINSTALLDIRS@:
  No such file or directory". An upstream patch has been applied to address
  this issue, and the util-linux package now builds successfully. (BZ#677452)
  
• Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an invalid
  option, "-b". With this update, only valid options are listed on those
  manual pages. (BZ#678407)
  
• Previously, the mount(8) manual page contained incomplete information
  about the ext4 and XFS file systems. With this update, the mount(8) manual
  page contains the missing information. (BZ#699639)
  

In addition, this update adds the following enhancements:

• Previously, if DOS mode was enabled on a device, the fdisk utility could
  report error messages similar to the following:
  

Partition 1 has different physical/logical beginnings (non-Linux?):
phys=(0, 1, 1) logical=(0, 2, 7)

This update enables users to switch off DOS compatible mode (by specifying
the "-c" option), and such error messages are no longer displayed.
(BZ#678430)

• This update adds the "fsfreeze" command which halts access to a file
  system on a disk. (BZ#726572)
  

All users of util-linux are advised to upgrade to this updated package,
which contains backported patches to correct these issues and add these
enhancements.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 646300 - login doesn't update /var/run/utmp properly
• BZ - 650937 - blockdev man page missing information
• BZ - 677452 - util-linux fails to build with gettext-0.17
• BZ - 678407 - [RHEL 5] ipcs and ipcrm in wrong man section
• BZ - 695916 - CVE-2011-1675 util-linux: mount fails to anticipate RLIMIT_FSIZE
• BZ - 695924 - CVE-2011-1677 util-linux: umount may fail to remove /etc/mtab~ lock file
• BZ - 699639 - mount man page is missing support for ext4/xfs

CVEs

• CVE-2011-1677
• CVE-2011-1675

References

• https://access.redhat.com/security/updates/classification/#low

Red Hat Enterprise Linux Server 5

SRPM
util-linux-2.13-0.59.el5.src.rpm	SHA-256: d84aa5d4d5867a2f971bb448b4837e591117b6fb03fc4a9c14a68749ef6a1186
x86_64
util-linux-2.13-0.59.el5.x86_64.rpm	SHA-256: 2e1a4f7bcac97c0365b6dd4fd1c3be60bc1a4540b680f5b44aff73c04850d246
util-linux-debuginfo-2.13-0.59.el5.x86_64.rpm	SHA-256: 6e0cd866bdbfa2accca474bcb9f10c532fa3bf2a83e917d3f0e1eed6ce1b2807
ia64
util-linux-2.13-0.59.el5.ia64.rpm	SHA-256: 421d0c44a36c6093dbc2521d7873d7274a8d4036bd1b57bbea907965460ec26e
util-linux-debuginfo-2.13-0.59.el5.ia64.rpm	SHA-256: 97d540ffbc75ab805f626c4b8b92dc168bfdb91aaad3a1961f29dc666c34f60c
i386
util-linux-2.13-0.59.el5.i386.rpm	SHA-256: d81e0856fe6a02feeb22ab9d6ec9ee96a5c1cf20a5964cfa21fdb6cc180c2181
util-linux-debuginfo-2.13-0.59.el5.i386.rpm	SHA-256: 51ec08d3bba87c676f3a1909d6821dd0d15c48baf6a796ece9bb3be90c05005a

Red Hat Enterprise Linux Workstation 5

SRPM
util-linux-2.13-0.59.el5.src.rpm	SHA-256: d84aa5d4d5867a2f971bb448b4837e591117b6fb03fc4a9c14a68749ef6a1186
x86_64
util-linux-2.13-0.59.el5.x86_64.rpm	SHA-256: 2e1a4f7bcac97c0365b6dd4fd1c3be60bc1a4540b680f5b44aff73c04850d246
util-linux-debuginfo-2.13-0.59.el5.x86_64.rpm	SHA-256: 6e0cd866bdbfa2accca474bcb9f10c532fa3bf2a83e917d3f0e1eed6ce1b2807
i386
util-linux-2.13-0.59.el5.i386.rpm	SHA-256: d81e0856fe6a02feeb22ab9d6ec9ee96a5c1cf20a5964cfa21fdb6cc180c2181
util-linux-debuginfo-2.13-0.59.el5.i386.rpm	SHA-256: 51ec08d3bba87c676f3a1909d6821dd0d15c48baf6a796ece9bb3be90c05005a

Red Hat Enterprise Linux Desktop 5

SRPM
util-linux-2.13-0.59.el5.src.rpm	SHA-256: d84aa5d4d5867a2f971bb448b4837e591117b6fb03fc4a9c14a68749ef6a1186
x86_64
util-linux-2.13-0.59.el5.x86_64.rpm	SHA-256: 2e1a4f7bcac97c0365b6dd4fd1c3be60bc1a4540b680f5b44aff73c04850d246
util-linux-debuginfo-2.13-0.59.el5.x86_64.rpm	SHA-256: 6e0cd866bdbfa2accca474bcb9f10c532fa3bf2a83e917d3f0e1eed6ce1b2807
i386
util-linux-2.13-0.59.el5.i386.rpm	SHA-256: d81e0856fe6a02feeb22ab9d6ec9ee96a5c1cf20a5964cfa21fdb6cc180c2181
util-linux-debuginfo-2.13-0.59.el5.i386.rpm	SHA-256: 51ec08d3bba87c676f3a1909d6821dd0d15c48baf6a796ece9bb3be90c05005a

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
util-linux-2.13-0.59.el5.src.rpm	SHA-256: d84aa5d4d5867a2f971bb448b4837e591117b6fb03fc4a9c14a68749ef6a1186
s390x
util-linux-2.13-0.59.el5.s390x.rpm	SHA-256: 395c11d542a822d76bc938b281f2b95833eef04191ca4a233a3fcc315bbbe892
util-linux-debuginfo-2.13-0.59.el5.s390x.rpm	SHA-256: 3e0a90f4e4c009a2714742316d0f835c589e70011872fee7e13925922de988a2

Red Hat Enterprise Linux for Power, big endian 5

SRPM
util-linux-2.13-0.59.el5.src.rpm	SHA-256: d84aa5d4d5867a2f971bb448b4837e591117b6fb03fc4a9c14a68749ef6a1186
ppc
util-linux-2.13-0.59.el5.ppc.rpm	SHA-256: d00eab5acc9dde75faf3f297166b50ef819ff4a88a6133c46ada15513447af2e
util-linux-debuginfo-2.13-0.59.el5.ppc.rpm	SHA-256: e142b31c18dd1ff9c7d51b2c6534699f5db647403b48b45b339af371d87c5d8b

Red Hat Enterprise Linux Server from RHUI 5

SRPM
util-linux-2.13-0.59.el5.src.rpm	SHA-256: d84aa5d4d5867a2f971bb448b4837e591117b6fb03fc4a9c14a68749ef6a1186
x86_64
util-linux-2.13-0.59.el5.x86_64.rpm	SHA-256: 2e1a4f7bcac97c0365b6dd4fd1c3be60bc1a4540b680f5b44aff73c04850d246
util-linux-debuginfo-2.13-0.59.el5.x86_64.rpm	SHA-256: 6e0cd866bdbfa2accca474bcb9f10c532fa3bf2a83e917d3f0e1eed6ce1b2807
i386
util-linux-2.13-0.59.el5.i386.rpm	SHA-256: d81e0856fe6a02feeb22ab9d6ec9ee96a5c1cf20a5964cfa21fdb6cc180c2181
util-linux-debuginfo-2.13-0.59.el5.i386.rpm	SHA-256: 51ec08d3bba87c676f3a1909d6821dd0d15c48baf6a796ece9bb3be90c05005a