openSUSE Security Update : util-linux (openSUSE-2016-1446)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for util-linux fixes the following issues :

- Consider redundant slashes when comparing paths
(bsc#982331,
util-linux-libmount-ignore-redundant-slashes.patch,
affects backport of
util-linux-libmount-cifs-is_mounted.patch).

- Use upstream compatibility patches for
--show-pt-geometry with obsolescence and deprecation
warning (bsc#990531)

- Replace cifs mount detection patch with upstream one
that covers all cases (bsc#987176).

- Reuse existing loop device to prevent possible data
corruption when multiple -o loop are used to mount a
single file (bsc#947494)

- Safe loop re-use in libmount, mount and losetup
(bsc#947494)

- UPSTREAM DIVERGENCE!!! losetup -L continues to use SLE12
SP1 and SP2 specific meaning

--logical-blocksize instead of upstream --nooverlap
(bsc#966891).

- Make release-dependent conflict with old sysvinit-tools
SLE specific, as it is required only for SLE 11 upgrade,
and breaks openSUSE staging builds (bsc#994399).

- Extended partition loop in MBR partition table leads to
DoS (bsc#988361, CVE-2016-5011)

This update was imported from the SUSE:SLE-12-SP2:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=947494
https://bugzilla.opensuse.org/show_bug.cgi?id=966891
https://bugzilla.opensuse.org/show_bug.cgi?id=982331
https://bugzilla.opensuse.org/show_bug.cgi?id=987176
https://bugzilla.opensuse.org/show_bug.cgi?id=988361
https://bugzilla.opensuse.org/show_bug.cgi?id=990531
https://bugzilla.opensuse.org/show_bug.cgi?id=994399

Solution :

Update the affected util-linux packages.

Risk factor :

Medium / CVSS Base Score : 4.7
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 95752 ()

Bugtraq ID:

CVE ID: CVE-2016-5011

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now