Bug 218728 - emulators/linux_base-c7: update util-linux to 2.23.2-33.el7_3.2
Summary: emulators/linux_base-c7: update util-linux to 2.23.2-33.el7_3.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Tijl Coosemans
Depends on:
Reported: 2017-04-18 13:41 UTC by Piotr Kubaj
Modified: 2017-05-26 10:51 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (emulation)
tijl: merge-quarterly-

patch (6.40 KB, patch)
2017-04-18 13:41 UTC, Piotr Kubaj
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Piotr Kubaj freebsd_committer 2017-04-18 13:41:47 UTC
Created attachment 181865 [details]

Security Fix(es):

* A race condition was found in the way su handled the management of child
processes. A local authenticated attacker could use this flaw to kill other
processes with root privileges under specific conditions. (CVE-2017-2616)

Red Hat would like to thank Tobias Stöckmann for reporting this issue.

Bug Fix(es):

* The "findmnt --target <path>" command prints all file systems where the mount
point directory is <path>. Previously, when used in the chroot environment,
"findmnt --target <path>" incorrectly displayed all mount points. The command
has been fixed so that it now checks the mount point path and returns
information only for the relevant mount point. (BZ#1414481)


The port with patch applied builds fine for c7 and c7_64 on Poudriere with 10.3-RELEASE.

MFH because of security fix.
Comment 1 commit-hook freebsd_committer 2017-05-26 10:49:32 UTC
A commit references this bug:

Author: tijl
Date: Fri May 26 10:49:21 UTC 2017
New revision: 441769
URL: https://svnweb.freebsd.org/changeset/ports/441769

  Update util-linux to 2.23.2-33.el7_3.2.

  PR:		218728
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>

Comment 2 Tijl Coosemans freebsd_committer 2017-05-26 10:51:33 UTC
We don't install su so the problem doesn't affect us.