[Pardus-security] [PLSA-2007-45] util-linux: Sensitive information disclosure
Ismail Dönmez
ismail at pardus.org.tr
Fri Mar 16 16:02:01 EET 2007
-------------------------------------------------------------------------------------
Pardus Linux Security Advisory 2007-45 security at pardus.org.tr
-------------------------------------------------------------------------------------
Date: 2007-03-16
Revision: 1
Severity: 1
Type: Local
-------------------------------------------------------------------------------------
Summary
=======
A NULL dereference in umount can result in sensitive information
disclosure
Description
===========
umount allows local users to trigger a NULL dereference and application
crash by invoking the program with a pathname for a USB pen drive that
was mounted and then physically removed, which might allow the users to
obtain sensitive information, including core file contents.
Affected packages:
util-linux, all before 2.13_pre7
Resolution
==========
There are update(s) for util-linux. You can update them via Package
Manager or with a single command from console:
pisi up util-linux
References
==========
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0822
-------------------------------------------------------------------------------------
-------------- sonraki bölüm --------------
Yaz� olmayan bir eklenti temizlendi...
�sim: kullan�lam�yor
T�r: application/pgp-signature
Boyut: 189 bayt
Tan�m: kullan�lam�yor
Url: http://liste.uludag.org.tr/pardus-security/attachments/20070316/889d5c4d/attachment.pgp
More information about the Pardus-security
mailing list