openSUSE Security Update : util-linux (openSUSE-2017-306)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for util-linux fixes the following issues :

This security issue was fixed :

- CVE-2017-2616: In su with PAM support it was possible
for local users to send SIGKILL to selected other
processes with root privileges (bsc#1023041).

This non-security issues were fixed :

- lscpu: Implement WSL detection and work around crash
(bsc#1019332)

- fstrim: De-duplicate btrfs sub-volumes for 'fstrim -a'
and bind mounts (bsc#1020077)

- Fix regressions in safe loop re-use patch set for
libmount (bsc#1012504)

- Disable ro checks for mtab (bsc#1012632)

- Ensure that the option 'users,exec,dev,suid' work as
expected on NFS mounts (bsc#1008965)

- Fix empty slave detection to prevent 100% CPU load in
some cases (bsc#1020985)

This update was imported from the SUSE:SLE-12-SP2:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1008965
https://bugzilla.opensuse.org/show_bug.cgi?id=1012504
https://bugzilla.opensuse.org/show_bug.cgi?id=1012632
https://bugzilla.opensuse.org/show_bug.cgi?id=1019332
https://bugzilla.opensuse.org/show_bug.cgi?id=1020077
https://bugzilla.opensuse.org/show_bug.cgi?id=1020985
https://bugzilla.opensuse.org/show_bug.cgi?id=1023041

Solution :

Update the affected util-linux packages.

Risk factor :

High

Family: SuSE Local Security Checks

Nessus Plugin ID: 97565 ()

Bugtraq ID:

CVE ID: CVE-2017-2616

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now