Ubuntu Security Notice USN-533-1
22nd October, 2007
util-linux vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06 LTS
Software description
- util-linux
Details
Ludwig Nussel discovered that mount and umount did not properly
drop privileges when using helper programs. Local attackers may be
able to bypass security restrictions and gain root privileges using
programs such as mount.nfs or mount.cifs.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 7.04:
- mount 2.12r-17ubuntu2.1
- Ubuntu 6.10:
- mount 2.12r-11ubuntu2.1
- Ubuntu 6.06 LTS:
- mount 2.12r-4ubuntu6.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.