Bug 695924 (CVE-2011-1677)
Summary: | CVE-2011-1677 util-linux: umount may fail to remove /etc/mtab~ lock file | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | kvolny, kzak |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-02-21 08:34:36 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 695940, 738789, 768382 | ||
Bug Blocks: | 734217, 734543, 742493 |
Description
Vincent Danen
2011-04-12 22:15:51 UTC
Created util-linux-ng tracking bugs for this issue Affects: fedora-all [bug 695940] To correct the CVE description, umount is leaving lock (and temporary) file behind when it is killed by a signal. umount can easily be killed while performing mtab update, as it does not block signals in the same way mount does (which is unaffected by this issue, as Karel noted in bug #695921, comment #2). Summary of the patches that were committed upstream to address this and related issues can be found in bug #695940, comment #5. This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:1691 https://rhn.redhat.com/errata/RHSA-2011-1691.html This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0307 https://rhn.redhat.com/errata/RHSA-2012-0307.html |