RHSA-2016:2605

Affecting libmount package, versions <0:2.23.2-33.el7

Report new vulnerabilities
low severity
Do your applications use this vulnerable package? Test your applications

Overview

The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix(es): * It was found that util-linux's libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine. (CVE-2016-5011) Red Hat would like to thank Michael Gruhn for reporting this issue. Upstream acknowledges Christian Moch as the original reporter. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

CVE
RHSA-2016:2605
Snyk ID
SNYK-CENTOS7-LIBMOUNT-273056
Published
27 Jun, 2018