Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-5011 |
CWE-ID | CWE-401 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Ubuntu: Operating systems & Components / Operating system; libblkid1 (Ubuntu package): Operating systems & Components / Operating system package or component; util-linux (Ubuntu package): Operating systems & Components / Operating system package or component |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU64464
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-5011
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows an attacker with physical access to perform a denial of service (DoS) attack on the target system.
The vulnerability exists due to a memory leak in the parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux. An attacker with physical USB access can perform a denial of service attack via a crafted MSDOS partition table with an extended partition boot record at zero offset.
Mitigation
Update the affected package util-linux to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libblkid1 (Ubuntu package): before 2.27.16ubuntu3.10+esm2
util-linux (Ubuntu package): before 2.27.16ubuntu3.10+esm2
http://ubuntu.com/security/notices/USN-5478-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.