openSUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:3102-1 Rating: moderate References: #947494 #966891 #982331 #987176 #988361 #990531 #994399 Cross-References: CVE-2016-5011 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for util-linux fixes the following issues: - Consider redundant slashes when comparing paths (bsc#982331, util-linux-libmount-ignore-redundant-slashes.patch, affects backport of util-linux-libmount-cifs-is_mounted.patch). - Use upstream compatibility patches for --show-pt-geometry with obsolescence and deprecation warning (bsc#990531) - Replace cifs mount detection patch with upstream one that covers all cases (bsc#987176). - Reuse existing loop device to prevent possible data corruption when multiple -o loop are used to mount a single file (bsc#947494) - Safe loop re-use in libmount, mount and losetup (bsc#947494) - UPSTREAM DIVERGENCE!!! losetup -L continues to use SLE12 SP1 and SP2 specific meaning --logical-blocksize instead of upstream --nooverlap (bsc#966891). - Make release-dependent conflict with old sysvinit-tools SLE specific, as it is required only for SLE 11 upgrade, and breaks openSUSE staging builds (bsc#994399). - Extended partition loop in MBR partition table leads to DoS (bsc#988361, CVE-2016-5011) This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2016-1446=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): libblkid-devel-2.28-7.1 libblkid-devel-static-2.28-7.1 libblkid1-2.28-7.1 libblkid1-debuginfo-2.28-7.1 libfdisk-devel-2.28-7.1 libfdisk-devel-static-2.28-7.1 libfdisk1-2.28-7.1 libfdisk1-debuginfo-2.28-7.1 libmount-devel-2.28-7.1 libmount-devel-static-2.28-7.1 libmount1-2.28-7.1 libmount1-debuginfo-2.28-7.1 libsmartcols-devel-2.28-7.1 libsmartcols-devel-static-2.28-7.1 libsmartcols1-2.28-7.1 libsmartcols1-debuginfo-2.28-7.1 libuuid-devel-2.28-7.1 libuuid-devel-static-2.28-7.1 libuuid1-2.28-7.1 libuuid1-debuginfo-2.28-7.1 python-libmount-2.28-7.2 python-libmount-debuginfo-2.28-7.2 python-libmount-debugsource-2.28-7.2 util-linux-2.28-7.1 util-linux-debuginfo-2.28-7.1 util-linux-debugsource-2.28-7.1 util-linux-systemd-2.28-7.1 util-linux-systemd-debuginfo-2.28-7.1 util-linux-systemd-debugsource-2.28-7.1 uuidd-2.28-7.1 uuidd-debuginfo-2.28-7.1 - openSUSE Leap 42.2 (noarch): util-linux-lang-2.28-7.1 - openSUSE Leap 42.2 (x86_64): libblkid-devel-32bit-2.28-7.1 libblkid1-32bit-2.28-7.1 libblkid1-debuginfo-32bit-2.28-7.1 libmount-devel-32bit-2.28-7.1 libmount1-32bit-2.28-7.1 libmount1-debuginfo-32bit-2.28-7.1 libuuid-devel-32bit-2.28-7.1 libuuid1-32bit-2.28-7.1 libuuid1-debuginfo-32bit-2.28-7.1 References: https://www.suse.com/security/cve/CVE-2016-5011.html https://bugzilla.suse.com/947494 https://bugzilla.suse.com/966891 https://bugzilla.suse.com/982331 https://bugzilla.suse.com/987176 https://bugzilla.suse.com/988361 https://bugzilla.suse.com/990531 https://bugzilla.suse.com/994399