1175 matches found
Updated util-linux packages fix security vulnerability
A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion CVE-2018-7738...
Critical Photon OS Security Update - PHSA-2018-0037
Updates of 'linux-aws', 'mysql', 'paramiko', 'linux-secure', 'patch', 'python3', 'net-snmp', 'linux-esx', 'binutils', 'linux', 'mercurial', 'pycrypto', 'python2', 'util-linux', 'xerces-c', 'zsh', 'sqlite' packages of Photon OS have been released...
Fedora Update for util-linux FEDORA-2018-668664ba84
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 27 : util-linux (2018-668664ba84)
Security fix for CVE-2018-7738 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...
[SECURITY] Fedora 27 Update: util-linux-2.30.2-2.fc27
The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program...
Debian DSA-4134-1 : util-linux - security update
Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user in particular root is tricked into usi...
[SECURITY] [DSA 4134-1] util-linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4134-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 10, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4134-1] util-linux security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4134-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 10, 2018 https://www.debian.org/security/faq -...
DSA-4134-1 util-linux - security update
Bulletin has no description...
Debian: Security Advisory (DSA-4134-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-201803-02 : util-linux: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-201803-02 util-linux: User-assisted execution of arbitrary code It was discovered that the umount bash-completion as provided by util-linux does not escap mount point paths. Impact : An attacker controlling a volume label could...
CVE-2018-7738
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...
DEBIAN-CVE-2018-7738
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...
CVE-2018-7738
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...
CVE-2018-7738
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...
UBUNTU-CVE-2018-7738
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...
util-linux elevation of privilege vulnerability
util-linux is a set of software packages used in Linux systems and contains a variety of system administration tools, it provides tools to load, unload, format, partition and manage hard drives, open tty ports and get kernel messages. A security vulnerability exists in bash-completion/umount in...
util-linux: User-assisted execution of arbitrary code
Background util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description It was discovered that the umount bash-completion as provided by util-linux does not escap mount point paths. Impact An attacker controlling a volume label...
CVE-2018-7738
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...
CVE-2018-7738
The CVE-2018-7738 entry concerns util-linux before 2.32-rc1, where the bash-completion/umount script mishandles certain mountpoint names, allowing a local attacker to escalate privileges via an autocompletion sequence in Bash. Exploitation is demonstrated by embedding shell commands in a mountpoi...