Test ID:	1.3.6.1.4.1.25623.1.1.10.2016.0256
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2016-0256)
Summary:	The remote host is missing an update for the 'util-linux' package(s) announced via the MGASA-2016-0256 advisory.
Description:	Summary: The remote host is missing an update for the 'util-linux' package(s) announced via the MGASA-2016-0256 advisory. Vulnerability Insight: The util-linux libblkid is vulnerable to a Denial of Service attack during MS-DOS partition table parsing, in the extended partition boot record (EBR). If the next EBR starts at relative offset 0, parse_dos_extended() will loop until running out of memory. An attacker could install a specially crafted MS-DOS partition table in a storage device and trick a user into using it. This library is used, among others, by systemd-udevd daemon (CVE-2016-5011). Affected Software/OS: 'util-linux' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5011 1036272 http://www.securitytracker.com/id/1036272 91683 http://www.securityfocus.com/bid/91683 RHSA-2016:2605 http://rhn.redhat.com/errata/RHSA-2016-2605.html [oss-security] 20160711 CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS http://www.openwall.com/lists/oss-security/2016/07/11/2 http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543 http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801 https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.