Red Hat Local Security Checks : RedHat Update for util-linux RHSA-2016:2605-02

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.871684

Categoría: Red Hat Local Security Checks

Título: RedHat Update for util-linux RHSA-2016:2605-02

Resumen: The remote host is missing an update for the 'util-linux'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'util-linux'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The util-linux packages contain a large
variety of low-level system utilities that are necessary for a Linux system to
function. Among others, these include the fdisk configuration tool and the
login program.

Security Fix(es):

* It was found that util-linux's libblkid library did not properly handle
Extended Boot Record (EBR) partitions when reading MS-DOS partition tables.
An attacker with physical USB access to a protected machine could insert a
storage device with a specially crafted partition table that could, for
example, trigger an infinite loop in systemd-udevd, resulting in a denial
of service on that machine. (CVE-2016-5011)

Red Hat would like to thank Michael Gruhn for reporting this issue.
Upstream acknowledges Christian Moch as the original reporter.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section.

Affected Software/OS:
util-linux on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-5011
1036272
http://www.securitytracker.com/id/1036272
91683
http://www.securityfocus.com/bid/91683
RHSA-2016:2605
http://rhn.redhat.com/errata/RHSA-2016-2605.html
[oss-security] 20160711 CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS
http://www.openwall.com/lists/oss-security/2016/07/11/2
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801
https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.871684
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for util-linux RHSA-2016:2605-02
Resumen:	The remote host is missing an update for the 'util-linux'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'util-linux' package(s) announced via the referenced advisory. Vulnerability Insight: The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix(es): * It was found that util-linux's libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine. (CVE-2016-5011) Red Hat would like to thank Michael Gruhn for reporting this issue. Upstream acknowledges Christian Moch as the original reporter. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. Affected Software/OS: util-linux on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5011 1036272 http://www.securitytracker.com/id/1036272 91683 http://www.securityfocus.com/bid/91683 RHSA-2016:2605 http://rhn.redhat.com/errata/RHSA-2016-2605.html [oss-security] 20160711 CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS http://www.openwall.com/lists/oss-security/2016/07/11/2 http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543 http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801 https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3
Copyright	Copyright (C) 2016 Greenbone AG